http://www.networkworld.com/article/2976270/internet-of-things/smart-refrigerator-hack-exposes-gmail-login-credentials.html
By Colin Neagle
Network World
Aug 26, 2015
A team of hackers recently discovered a man-in-the-middle vulnerability in
a Samsung smart refrigerator that can be exploited to steal Gmail users'
login credentials, The Register reported this week.
Hackers from security company Pen Test Partners discovered the flaw while
participating in an Internet of Things (IoT) hacking challenge at the Def
Con security conference earlier this month. The smart refrigerator,
Samsung model RF28HMELBSR, is designed to integrate the user's Gmail
Calendar with its display. Samsung implemented SSL to secure the Gmail
integration, but the hackers found that the device does not validate SSL
certificates. An attacker who gains access to the same network can
therefore intercept the connection and capture the user name and password
used to link the refrigerator to Gmail.
"While SSL is in place, the fridge fails to validate the certificate," Ken
Munro, a security researcher at Pen Test Partners, told The Register.
"Hence, hackers who manage to access the network that the fridge is on
(perhaps through a de-authentication and fake Wi-Fi access point attack)
can Man-In-The-Middle the fridge calendar client and steal Google login
credentials from their neighbors, for example."
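The flaw class described above, shown as an added example that is not from the article or from Samsung's code: a TLS client context with validation switched off beside a validating one, plus a guard that refuses to connect through the former. The function names and the constructed insecure context are assumptions made for illustration.

```python
import socket
import ssl


def insecure_context():
    """Constructed stand-in for a client that encrypts but does not validate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted, including an interceptor's
    return ctx


def validating_context():
    """Requires a chain to a trusted CA and a certificate matching the hostname."""
    return ssl.create_default_context()


def audit_context(ctx):
    """Return a list of validation gaps in a client-side SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings


def open_tls(host, port, ctx, timeout=5.0):
    """Connect only if the context validates the server; otherwise refuse."""
    findings = audit_context(ctx)
    if findings:
        raise ValueError("refusing TLS connection: " + "; ".join(findings))
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        # With a validating context, a certificate from an untrusted issuer or
        # for another hostname fails here with ssl.SSLCertVerificationError,
        # before any credentials are sent.
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_context()),
                      ("validating", validating_context())):
        print(name, audit_context(ctx) or "ok")
```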
[...]