Samsung Smart Fridge – MiTM attacks on ConnectionsSecurity researchers have identified a possible way of stealing user’s Gmail identifications from Samsung smart fridge. At the recent DEF CON hacking conference, Pen Test Partners have discovered the MiTM – man-in-the-middle, weakness which enabled the exploit at the time of the IoT hacking challenge. The hack was against the RF28HMELBSR smart fridge, a part of Samsung’s line-up of Smart Home appliances that is controlled through their Smart Home app.
Though the fridge gears SSL, it tends to fail in validating SSL certificates thus enabling man-in-the middle attacks on most of the connections. Internet connected devices are designed to download Gmail Calendar information to on-screen display. Security shortcomings would mean that hackers who tend to be on the same network could possibly steal Google login information from their neighbours.
According to a security researcher at Pen Test Partners, Ken Munro, `the internet-connected device is designed to download Gmail Calendar information on its display and it seems to work the same way like any device running a Gmail calendar. User or owner of the calendar, logged in, can make updates and those changes are then seen on any devices which a user could view the calendar on
Fridge Fails to Validate CertificateThe fridge fails to validate the certificate while the SSL is in place and hence the hacker who tend to access the network where the fridge is on, probably through a de-authentication and fake Wi-Fi access point attack, can man-in-the-middle, the fridge calendar client and steal Google login information from the neighbours.
Since the fridge has not yet been in Europe, the UK based security consultancy fell short of time at DEF CON in trying to interrupt communications between the fridge terminal and the software update server. Efforts were made to mount a firmware-based attack through a customer updates was not successful but they had more safety when it pulled apart the mobile app and discovered the possible security problem in the process, though was not confirmed.
Name of a file that was found in a keystore of the mobile app’s code indicated that it comprises of the certificate which was used to encrypt traffic between the mobile app and the fridge.
Working on IoT Security/Hacking ResearchThe certificate had the correct password though the information to the certificate seemed to be stored in the mobile app in an obscured manner.
Then the next step would be to find out the password and use the certificate data in order to confirm to the fridge and send commands over the air to it. Pedro Venda of Pen Test Partners adds that `they wanted to pull the terminal unit out of the fridge in order to get physical access to things such as the USB port and serial or JTAG interfaces, but were unable to do so since they had run out of time. The MiTM is sufficient enough to expose a user’s Gmail information’.
The team at Pen Test Partners are working on more IoT security and hacking research. It had published research that revealed Samsung’s smart TV’s failure to encrypt voice recordings sent through internet, in February. Samsung had informed that they were looking into the issue and stated that `at Samsung they understand that the success depends on consumer’s trust and the products and services provided. Protecting consumers’ privacy is the top priority and will work hard each day to safeguard valued Samsung users’.