Some Samsung fridges which have the capability to connect to the internet in order to show the google calendar information are subject to an attack called as “man-in-the middle” to steal the login information.
The hack was discovered by a firm called as the pen test partners which specialize in finding security loopholes of various devices. They discovered the man-in-the-middle venerability in the Samsung fridge with a model number RF28HMELBSR.
The specific attack is possible as Samsung has implemented a secure sockets layer otherwise called as the ssl protocol. The data, in this attack, is intercepted in the middle ground between the device (fridge) and the Gmail server. The data is sent to the device so that the Gmail calendar and other account information can be displayed on its screen. The information is sent using the Wi-Fi. The data breach is possible as the fridge fails to validate the certificates that come with the protocols. Which in turn leaves the device in a state where anyone with proper knowledge and right tools can breach your data.
“While SSL is in place, the fridge fails to validate the certificate. Hence, hackers who manage to access the network that the fridge is on…can Man-In-The-Middle the fridge calendar client and steal Google login credentials from their neighbours.” Says the security firm.
Samsung, on its part, hasn’t said anything about this issue. More information will be updated as soon as Samsung releases a statement.