Notwithstanding the exciting possibilities of internet connected fridges, there are some cases of fridge that have security vulnerabilities & should be harsh lesson for all Internet of Things (IoT) vendors.
Two Internet Refrigerator Products & Security Risks Case Studies
Contributed by | Jogmon
The classic Internet connected home of the future automatically orders milk from the local store when it’s running low in the fridge. While that maybe sometime away, here are two companies integrating your fridge to the internet showing you some possibilities & two security risk case studies from these connected devices.
The Samsung 4-Door refrigerator with 8" Wi-Fi Enabled LCD will allow you to browse the web, access apps and connect to other Samsung smart devices – opening up a world of interactive communication and entertainment.
FirstBuild is a partnership between GE Appliances and Local Motors to create a new model for the appliance industry, engaging a community of industrial designers, scientists, engineers, makers and early adopters to address some of the toughest engineering challenges and innovations. ChillHub is a refrigerator with USB capabilities and WiFi connected. This will give developers a platform to create awesome new add-on products like a butter softener compartment, food scale/weight sensor, deodorizer, auto-fill water pitcher, temperature modules, baby bottle IR, external speakers, voice control, etc.
Notwithstanding the exciting possibilities of internet connected fridges, there are some cases of fridge that have security vulnerabilities & should be harsh lesson for all Internet of Things (IoT) vendors. Here are two examples of Security Risks from Internet fridges:
Whilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google's servers to download Gmail calendar information for the on-screen display. So, MITM the victim’s fridge from next door, or on the road outside and you can potentially steal their Google credentials.
The global attack campaign involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks. The attack that Proofpoint observed and profiled occurred between December 23, 2013 and January 6, 2014, and featured waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting Enterprises and individuals worldwide. More than 25 percent of the volume was sent by things that were not conventional laptops, desktop computers or mobile devices; instead, the emails were sent by everyday consumer gadgets such as compromised home-networking routers, connected multi-media centers, televisions and at least one refrigerator. No more than 10 emails were initiated from any single IP address, making the attack difficult to block based on location -- and in many cases, the devices had not been subject to a sophisticated compromise; instead, misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use.
Jogmon covers open source, sensors, IoT & related topics.
This post does not have any comments. Be the first to leave a comment below.
Post A Comment
You must be logged in before you can post a comment. Login now.