Google login credentials at risk from smart refrigerator hack

Hackers recently uncovered a man-in-the-middle vulnerability in a Samsung smart refrigerator. The flaw could be exploited to steal the login credentials of Gmail users.

A team of hackers from Pen Test Partners discovered the flaw while participating in an Internet of Things (IoT) hacking challenge at Def Con earlier this month.

Samsung model RF28HMELBSR is designed to mix the user's Gmail calendar with its display. Samsung implemented SSL to secure the integration, but hackers found that the device doesn't validate SSL certificates. This provides the chance for hackers to access the network and monitor activity for the username and password used to link the refrigerator to Gmail.

Samsung reported that it is, “investigating into this matter as quickly as possible.” However, the Pen Test Partners hacking team said that this man-in-the-middle attack wasn't the only potential vulnerability they found.