$3,599 is a steep price. It could snag you a reliable used car, a feature-packed iMac, 3,599 McChicken sandwiches, or 2,589 McDoubles. Or, opt for the Samsung RF28HMELBSR refrigerator.
This four-door behemoth offers 28 cubic feet of space and a built-in WiFi-enabled 8-inch LCD touchscreen for reading news, viewing recipes, or even remotely controlling your Android phone.
If it rings a bell, it's because we've previously spotlighted it among standout smart home appliances—like Tweeting Web-Controlled Fridges and Rice Cookers: 9 of the Coolest Smart Home Appliances. Yet, it ships with a glaring security vulnerability.
Despite its advanced features, this fridge has a flaw enabling attackers to steal Gmail login credentials undetected.
Reported by The Register on August 24, the issue was uncovered by UK firm Pen Test Partners during an IoT hacking challenge at Defcon 23.
The touchscreen accesses Google Calendar with SSL-encrypted connections to Google servers. What is an SSL certificate and why do you need it?
This setup invites 'man-in-the-middle' attacks from anyone on the network, or via spoofed access points and remote exploits. What is a man-in-the-middle attack? Security jargon explained.
Samsung states they are 'investigating this matter as quickly as possible' and prioritizing a patch. This incident underscores IoT security pitfalls.
We've long warned of IoT risks, from privacy breaches to hidden threats. Why the Internet of Things is the biggest security nightmare.
Updating these devices isn't like PCs or phones, where auto-updates (e.g., Windows 10) keep things secure. How to turn off automatic updates in Windows 10. Many smart gadgets lack over-the-air updates, relying on clunky software or none at all.
How do you patch a networked coffee maker or smart thermostat? There's no standard solution.
DIY projects via Arduino, Raspberry Pi, or Windows 10 IoT amplify risks, as novices often overlook security. Windows 10 coming to an Arduino near you?
Longevity compounds issues: Smart home firms are often startups that fold, leaving devices orphaned. Why hardware startups are hard: Bringing ErgoDox to life. Layoffs at Leeo and Wink highlight this.
Devices outlast support—will Nest or Philips patch like Microsoft did XP? What does Windows XPocalypse mean for you?
Internet exposure worsens risks, inviting remote attacks. Tools like Shodan scan for vulnerable devices worldwide—from power plants to webcams.
A 'webcam' query reveals thousands of exposed cams. I won't access any to avoid breaching laws like the UK's Computer Misuse Act. The Computer Misuse Act: Criminalizing hacking in the UK.
It's alarming—our homes are increasingly findable online targets.
Vulnerabilities like Samsung's are inevitable, but quick fixes and long-term support mitigate them.
Enhance developer training via resources like OWASP for secure IoT design.
Mandate open-sourcing code upon bankruptcy or neglect. Consumers: Demand lifetime security patches, rapid responses, and transparency—boycott those who fall short.
These steps could yield safer smart homes. What do you think? Share IoT horror stories or ideas in the comments.
