Penetration testers have discovered an exploit that could potentially steal Gmail credentials of a user whose information is available in a Samsung smart fridge.
Security researchers have uncovered a man-in-the-middle (MiTM) vulnerability that leaves Samsung smart refrigerators open to an exploit that allows an attacker to steal the owner’s Gmail credentials, reports The Register.
The discovery came to light due to a contest facilitated by Samsung as an IoT (Internet of things) hacking challenge at the recently concluded DEF CON hacking conference.
The smart fridge is among a number of Samsung’s ‘Smart Home’ appliances that can be controlled using the Smart Home application. The RF28HMELBSR smart fridge implements SSL within its protocols but crucially, fails to validate the SSL certificates. This leaves it vulnerable and open to MiTM attacks through a majority of connections.
Gmail Synced and Vulnerable
The fridge’s ‘smart features’ allows the appliance to download the user’s Gmail calendar to the display embedded in the refrigerator. If a hacker gains access to the same Wi-Fi network the fridge is connected to, a user’s Google account login credentials are at risk.
Ken Munro, a security researcher at UK-based security firm Pen Test Partners, explains:
“The Internet-connected fridge is designed to display Gmail Calendar information on its display.
“It appears to work the same way that any device running a Gmail calendar does. A logged-in user/owner of the calendar makes updates and those changes are then seen on any device that a user can view the calendar on.”
Penetration testers also attempted a firmware-based attack through the software update channels, unsuccessfully. However, using the mobile app lead to discovering another potential (still unconfirmed) vulnerability.
The researchers’ discovery of a file in the mobile application’s code led them to believe that it contained the vital certificate that encrypts traffic between the smart fridge and the mobile application. While the certificate was passworded correctly, the credentials were seemingly stored in an obfuscated form within the mobile application.
Essentially, if the credentials were discovered, the password comes next before using the certificate to authenticate communications to the fridge wirelessly.
Samsung has released a statement to the Register in light of the Gmail vulnerability.
“At Samsung, we understand that our success depends on consumers’ trust in us, and the products and services that we provide. We are investigating into this matter as quickly as possible. Protecting our consumers’ privacy is our top priority, and we work hard every day to safeguard our valued Samsung users.”
