We might be living in a smart world, but that doesn’t mean we are safe from all vulnerabilities. In fact, people might become more vulnerable to hackers. This was proved recently when hackers got hold of the Gmail credentials of the owner of a Samsung smart fridge. This was discovered by Pen Test Partners and reported by The Register.
Don’t Miss – 3 Smart Home Devices with Voice Activation
Pen Test Partners is a firm that specializes in finding exploits. The company found out the hacking vulnerability in Samsung smart fridges.
Hack in Samsung Smart Fridge
A man-in-the-middle attack was discovered by the firm. In such an attack, the hackers seize data as it passes between the device and the server. The hack was found out in Samsung’s RF28HMELBSR fridge with Wi-Fi functionality that lets user show their Gmail calendar on the display screen. A Secure Sockets Layer (SSL) has been implemented by Samsung but the fridge didn’t validate the certificates which are a part of the SSL protocol. This made the fridge vulnerable to attack.
A valid SSL certificate will have a valid code which has to be received by the browser from the website host. This was not done by Samsung.
Ken Munro, a partner at Pen Test, said “While SSL is in place, the fridge fails to validate the certificate. Hence, hackers who manage to access the network that the fridge is on…can Man-In-The-Middle the fridge calendar client and steal Google login credentials from their neighbors.”
Other exploits have also been found out against the Internet of Things (IoT) devices like Samsung smart fridges. The firm had found out that Samsung had failed to encrypt voice recordings which were sent by its Smart TVs over the web.
Rising Safety Concern
This issue shows a rising concern about the safety of the Internet of Things. There will always be flaws, when it comes to security of these IoT devices. In the future, our homes will be full of these smart devices and some people believe that our privacy will be compromised irreversibly. How these issues can be overcome, is a big question now. Developers of these connected gadgets should work on the privacy issues so that the user’s credentials are not open to the vulnerabilities of hacking.
What do you think about this breach of safety? Do you use any smart home gadget in your home? We would love to hear your thoughts on this.