A SmartFridge Just Got Hacked. Are Your Devices Next?

A Samsung SmartFridge Just Got Hacked. Are Your Devices Next?

 Every day in every way, our gadgets and home appliances are getting smarter. But they’re still not smart enough to thwart cyber attacks.

Recently, security researchers gained access to the computer inside a Samsung Smart Fridge (Model RF28HMELBSR). That fridge features a 8-inch touchscreen in the door, which lets you view your Web calendar, play Pandora music stations, get weather reports, watch TV, make phone calls, and more.

The Samsung SmartFridge is wide open to you and to hackers (Photo: Samsung).

White-hat hackers at Pen-Test Partners were able to use fake security credentials to intercept communications between the fridge and Google Calendar. Cybercrooks could potentially use a similar technique to steal your Google login names and passwords. However, those thieves would first need to log onto your Wi-Fi network to access the fridge.

That particular Samsung refrigerator has been available in the US since June 2014; it does not run software created by SmartThings, the IoT company Samsung acquired in August 2014. Neither Samsung nor SmartThings had responded to requests for comment at publication time.


The Samsung SmartFridge connects via Wi-Fi to your smartphone and smart TV — and, hopefully, not a hacker’s laptop (Photo: Samsung).

It takes a village

The research was conducted as part of the Internet of Things (IoT) hacking village at the annual DEF CON hackers conference, held earlier this month in Las Vegas. It was far from the only IoT device that got pwned.

Besides the fridge, the hackers also found 25 vulnerabilities in 14 allegedly smart devices, including scales, coffee makers, wireless cameras, locks, home automation hubs, and fingerprint readers.

At press time, the names of all the devices that were hacked and the severity of the exploits were unavailable, pending notification to the vendors, says Ted Harrington, executive partner of Independent Security Evaluators, which ran the IoT Hacking Village.


The list of devices that researchers at DEF CON 23 set out to pwn. Just because the device is on this list, however, doesn’t mean it was successfully hacked (Sohopelesslybroken).



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: