Is Your Smart Fridge Sending Email?

I’m amazed.  We know only too well that hacking and ID theft is rampant, compromising records everywhere in massive numbers.  But in the move toward digital and connected everything, know called Internet of Things, something truly unexpected cropped up.  Like Smart Fridges and TV’s spamming in a massive way!

Two articles this week show appliances may be "smart" but vulnerable.

Smart Fridge, TV Caught Sending Spam Email

The world of Internet of Things can be glorious. After all, it will be a world where a fridge would tell you when you have consumed all chocolates and a visit to market is required. But it seems it can also be scary and spammy. In a first, a fridge has been identified by security researchers as one of the machines behind a spam email attack.

According to Proofpoint, a cyber security research firm, between December 23, 2013 and January 6, 2014, there were a featured waves of malicious emails, typically sent in bursts of 100,000, three times per day, targeting enterprises and individuals worldwide.

"More than 25 per cent of the volume was sent by things that were not conventional laptops, desktop computers or mobile devices; instead, the emails were sent by everyday consumer gadgets such as compromised home-networking routers, connected multi-media centres, televisions and at least one refrigerator," noted a report prepared by Proofpoint.
Read more at: http://indiatoday.intoday.in/technology/story/smart-fridge-internet-of-things-televisions-caught-sending-spam-emails/1/460739.html

Security for the Internet of things is still flawed.
In yet another example of a manufacturer of a connected product failing to secure said product, Samsung’s connected fridge allows malicious people to steal a consumer’s Gmail login credentials provided they can get on the user’s Wi-Fi network. The exploit, known as a man-in-the-middle attack, is made possible because the Samsung smart fridge lets people link their Gmail calendars to a screen in the fridge’s door so they can see their day’s events.

It’s a handy feature, except when a person logs in, the fridge says it provides SSL encryption, but fails to actually verify that the server on the Google end has the right certificate to actually get the encrypted data. It just hands it over. This is akin to a club saying it checks IDs only to let people get in without actually looking at the date on those IDs. Thus anyone on the consumer’s Wi-Fi network could pretend to be Google’s calendar service and snag the consumer’s Gmail login credentials. From there the hacker could wreak all kinds of havoc. Fortune has reached out to Samsung to see what it has to say about the vulnerability.

Read more at: http://fortune.com/2015/08/24/samsungs-smart-fridge-hacked