Notwithstanding the exciting possibilities of internet connected fridges, there are some cases of fridge that have security vulnerabilities & should be harsh lesson for all Internet of Things (IoT) vendors.

Two Internet Refrigerator Products & Security Risks Case Studies

Contributed by | Jogmon

 

The classic Internet connected home of the future automatically orders milk from the local store when it’s running low in the fridge. While that maybe sometime away, here are two companies integrating your fridge to the internet showing you some possibilities & two security risk case studies from these connected devices.

 

Samsung RF28HMELBSR Internet Fridge

The Samsung 4-Door refrigerator with 8" Wi-Fi Enabled LCD will allow you to browse the web, access apps and connect to other Samsung smart devices – opening up a world of interactive communication and entertainment.

 

ChillHub by FirstBuild

 

FirstBuild is a partnership between GE Appliances and Local Motors to create a new model for the appliance industry, engaging a community of industrial designers, scientists, engineers, makers and early adopters to address some of the toughest engineering challenges and innovations. ChillHub is a refrigerator with USB capabilities and WiFi connected. This will give developers a platform to create awesome new add-on products like a butter softener compartment, food scale/weight sensor, deodorizer, auto-fill water pitcher, temperature modules, baby bottle IR, external speakers, voice control, etc.

Notwithstanding the exciting possibilities of internet connected fridges, there are some cases of fridge that have security vulnerabilities & should be harsh lesson for all Internet of Things (IoT) vendors. Here are two examples of Security Risks from Internet fridges:

 

Samsung Internet fridge Security Vulnerability

Whilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google's servers to download Gmail calendar information for the on-screen display. So, MITM the victim’s fridge from next door, or on the road outside and you can potentially steal their Google credentials.

 

IoT Attack Uncovered by Proofpoint

The global attack campaign involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks. The attack that Proofpoint observed and profiled occurred between December 23, 2013 and January 6, 2014, and featured waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting Enterprises and individuals worldwide. More than 25 percent of the volume was sent by things that were not conventional laptops, desktop computers or mobile devices; instead, the emails were sent by everyday consumer gadgets such as compromised home-networking routers, connected multi-media centers, televisions and at least one refrigerator. No more than 10 emails were initiated from any single IP address, making the attack difficult to block based on location -- and in many cases, the devices had not been subject to a sophisticated compromise; instead, misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use.

 

About Jogmon
Jogmon covers open source, sensors, IoT & related topics.

 


Comments (0)

This post does not have any comments. Be the first to leave a comment below.


Post A Comment

You must be logged in before you can post a comment. Login now.

Featured Product

This is Control4 Home Automation with Amazon Alexa.

This is Control4 Home Automation with Amazon Alexa.

INTRODUCING THE SIMPLEST WAY TO CONTROL YOUR ENTIRE HOUSE YOUR VOICE. Imagine this... We've all been there-walking through the door into a dark house, arms full. Wouldn't it be nice to tell your house to offer a helping hand? Now you can. A simple voice command-such as "Alexa, turn on Welcome"-lights up the hallway and kitchen, fires up your favorite Pandora station, while the door locks itself behind you. This is Control4 Home Automation with Amazon Alexa.