You read that right: Refrigerators are hacking people (or at least they can).
The machine that you use to keep your perishables fresh can also be used maliciously against you if a hacker hijacks it. This all stems from a concept called the “Internet of Things,” or “IoT,” which has become an increasingly common topic these days. IoT is the networking of everyday physical devices and appliances, the next stage of the information revolution. We are already in the beginning stages of IoT, since we are controlling our home lighting, air conditioning, television, alarm systems, door locks, baby monitors, cameras, and more, all from a central device, such as our phone.
But we may be rushing too fast into IoT, automating household appliances like refrigerators, washers, dryers, dishwashers, microwaves, and robotic vacuums, all of which connect to your home Wi-Fi for remote control. That means these devices are connected to the network and each has its own private IP address. When you rush through a project, your results won’t be your best. We reach the same conclusion for the manufacturers creating these next-generation appliances that lack good security standards, making it more of an “Internet of Shit.”
Having a “smart” home sounds great, and this will probably be the future of our homes. Ordering food online and having it “magically” appear in your refrigerator would be cool in the future, but there are drawbacks.
In 2014, Proofpoint, a California-based security group, discovered something peculiar: a wide-scale hack that involved mostly televisions (but also a refrigerator) that were connected to the Internet. The hackers had somehow broken into more than 100,000 home appliances and devices and used them to send almost a million spam phishing emails to businesses and enterprises worldwide. This would be an example of a botnet, but more specifically, a “home appliance” botnet.
Most of the botnet consisted of regular computers, but a good quarter of it was home appliances. Imagine that…getting a phishing e-mail sent to you from a refrigerator. Once a device is connected to the Internet, it’s much like any regular computer. And like I mentioned earlier, these IoT appliances have poor security (e.g., default passwords or no security at all). Therefore, it wouldn’t be hard to break into these appliances.
In 2015, in another potential refrigerator scare, a team of hackers discovered a vulnerability. A specific model of a Samsung refrigerator is designed to integrate the user’s Gmail Calendar with its display. Samsung implemented SSL to secure the Gmail integration, which is the same thing we use for HTTPS, but the hackers found that the refrigerator did not validate SSL certificates, giving hackers who get onto the network the opportunity to monitor traffic for the usernames and passwords used to link the refrigerator to Gmail. This would be a “Man-in-the-Middle” (MitM) vulnerability.
Usually, when we connect to a Web site, our Web browser validates the SSL certificate of the Web site with checks such as comparing it to a Certificate Revocation List (CRL). If certain criteria aren’t met, then our Web browser pops up a warning on our screen. The Samsung refrigerator doesn’t do that.
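What skipping certificate validation means in practice, as an added example (not Samsung's code and not taken from the cited research): a Go client with validation disabled accepts a local test server's untrusted certificate, a default client rejects it, and a client given an explicit trust anchor accepts it. The test server, the response text, and the function names are constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// client returns an HTTPS client that uses the given TLS settings.
func client(cfg *tls.Config) *http.Client {
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
}

// get fetches url and returns nil only if the TLS handshake and request succeed.
func get(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// run starts a local HTTPS server whose certificate no public CA has signed
// (a stand-in for an endpoint the device has no reason to trust) and returns
// the outcome for three client configurations.
func run() (noValidation, validating, anchored error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, "calendar data (constructed)")
	}))
	defer srv.Close()

	// The flaw described above: any certificate is accepted.
	noValidation = get(client(&tls.Config{InsecureSkipVerify: true}), srv.URL)
	// Default behaviour: chain and host name are checked against the system roots.
	validating = get(client(&tls.Config{}), srv.URL)
	// Validation with an explicit trust anchor: only this certificate is trusted.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	anchored = get(client(&tls.Config{RootCAs: pool}), srv.URL)
	return
}

func main() {
	noValidation, validating, anchored := run()
	fmt.Println("no validation:  ", noValidation)
	fmt.Println("default checks: ", validating)
	fmt.Println("explicit anchor:", anchored)
}
```

Only the second client refuses the untrusted certificate; the first one is the configuration to look for when reviewing device or application TLS code.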
In this particular case, if your neighbor could crack your home Wi-Fi, he could initiate a MitM attack and capture your Gmail login credentials. Although I’m sure Samsung has resolved this issue since then, keep in mind two things. Number one, these IoT smart appliances will continue to roll out onto the market for consumers to buy. And, number two, the encryption protocol we currently use for our Wi-Fi was cracked last year. Last October, security researchers demonstrated a critical exploitation of WPA2, leaving our home networks susceptible to decryption. Some patches are available, but others are still being prepared.
Neagle, C. (2015). Smart Refrigerator Hack Exposes Gmail Login Credentials. IDG Communications, Inc. Retrieved from https://www.networkworld.com/article/2976270/internet-of-things/smart-refrigerator-hack-exposes-gmail-login-credentials.html
Zolfagharifard, E. (2014). Cybercriminals Hack a REFRIGERATOR: Will the ‘Internet of Things’ Create a New Bot Army for the Spammers? Associated Newspapers Ltd. Retrieved from http://www.dailymail.co.uk/sciencetech/article-2541306/Cyber-criminals-hack-REFRIGERATOR-send-malicious-emails-worlds-household-attack.html