I am not going to bother to even pretend to be surprised about this one….
Hackers have successfully extracted login details for Google’s Gmail email service from a Samsung smart fridge.
The affected fridge is the Samsung RF28HMELBSR. The fridge is equipped with a built-in display that can be used to view, amongst other things, calendar details. The aim is to let the whole household plan their calendar online, putting an end to the scribbled notes found under fridge magnets around the world. Users have to provide the smart fridge with their Gmail details in order to use this feature.
Unfortunately, the fridge fails to validate the SSL security certificates sent by the Google servers at login. This makes it open to man-in-the-middle attacks because the fridge never checks to see that it is actually connected to Google, although SSL is implemented and certificates requested.
That pretty much sums it up.
Don’t feel there is much more to add.
