First we brought you breaking news about how your car can be hacked. Then we exposed the nasty truth about wireless pacemakers. Now we’re here to blow the door off all the “smart” refrigerators hellbent on exposing your private information.
Samsung’s new RF28HMELBSR line of fridges come equipped with a built-in smart screen that automatically syncs with Google Calendar to help you, your partner, and little Suzie and Timmy keep track of each other’s hectic schedules.
It may be called the fridge of the future, but a dubious security flaw allows hackers to gain access to a user’s Google credentials.
More Problems Than Just a Warm Can of Coke
Researchers at Pen Test Partners wasted no time in finding vulnerabilities in the fridge’s software. According to them:
“Whilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google’s servers to download Gmail calendar information for the on-screen display.”
In a man-in-the-middle attack, an attacker secretly accesses and maybe even alters the communications between your fridge and Google’s servers, giving them have access to your Google account credentials — and thus your emails, documents, photos, calendar, maps, and search history.
That’s ice cold.
The Internet of Things? More Like the Internet of Threats!
But the fun doesn’t stop there! Since the fridge syncs with other smart devices using a Smart Home app, hackers could potentially gain access to your smartphone, your laptop, and even your (gasp!) baby monitor.
The FTC estimates that by 2020 more than 50 billion devices will be embedded with Internet technology. Pretty cool, right?
Wrong. According to security researcher Daniel Crowley, syncing every device in your home could present a world of problems:
“It varies from device to device, but a common thread with a lot of these devices is they don’t require any authentication at all.”
Every smart object you bring into your home carries with it a cybersecurity risk.
Secure All Your Smart Things Now
But you’re not completely out of luck. Here are some tips for securing your smart objects:
- Use uncrackable passwords on each device.
- Update the system’s software frequently.
- Make sure your router has WPA2 encryption enabled. This will make your network connections more secure.
Do everything you can to secure your devices. That way the next time little Timmy opens the fridge for some OJ, you won’t have to worry about some stranger reading your email.
ExpressVPN’s #WTFWednesday brings you weird, shocking, and creepy stories about data privacy—pulled straight from the news. Think your privacy is yours? Think again. You will feel uncomfortable. You will be outraged. You will think, “WTF?!”
Also published on Medium.