Follow us

Is buying a smart refrigerator really a smart choice?

Being another misdone IoT device, a smart refrigerator could be seen as the weakest link that can expose you to cyber-attacks.

Published: November 16, 2021 By Ozair Malik

Digital app of smart refrigerator opened on a smartphone, communicating with a smart-refrigerator.

Image source – Shutterstock.com

If I tell you that your newly bought smart refrigerator saves a lot of your time and energy is a snitch that could become a reason for your death, would you believe me? If not, keep reading.

Remember when F society took control over the entire house by hacking into the IoT devices in an episode of Mr. Robot? I bet you thought it was only possible in fiction, but various such cyber-attacks have been reported in reality.

According to a report issued by Proofpoint in January 2014, a seemingly harmless high-end smart refrigerator was used in a cyber-attack in which approximately 100,000 devices were hacked.

However, suppose you want to know how you can use your purchase carefully. In that case, I am here to explain all the security risks you might encounter while using smart refrigerators and suitable methods you can adopt to prevent data exposure.

How an average user is at risk?

Since appliance makers have little understanding of security risks compared to computer manufacturers and software companies, hackers have become easy to hijack their devices.

Like all the other IoT devices, a smart fridge is connected to a local network and, thus, is susceptible to vulnerability. Due to the interconnection between all the IoT devices, cybercriminals can steal confidential information from your computers and spread malware across them.

Moreover, since many companies like LG and Samsung don't have transparent software support policies, users cannot know whether the software updates are patching security holes. The user also doesn't know whether the company would offer consistent software updates or not, and thus, their devices could be used for launching massive DDoS attacks.

The Evolution of Smart Refrigerators

You might be wondering, if this is how much harm an IoT device can cause, then how do companies get people to pay them for bringing such deceivable devices to their homes?

Apart from the buzzword IoT, these companies generate sales because of the extremely useful features these IoT refrigerators have. Their perceived usefulness has proved to be a key factor in their user acceptance.

By listing excruciatingly cool features from the self-analysis of technical faults to the smart monitoring of its content and whatnot, these companies get customers blindsided to buy these snitches for their homes.

The table below shows how these "useful" features have increased over the past years by listing the features of some of the best considered smart fridges. There might be similar devices that are not listed in this table.


Device Name
Features
Electrolux Screenfridge (1999)
It makes grocery shopping a cakewalk through barcode scanning.
Cisco refrigerator (2000)
It contains an integrated Web-browser allowing it to download recipes according to its content.
LG Digital Multimedia Side-By-Side Fridge Freezer (2003)
It is equipped with a built-in MP3 player, camera, and microphone and has full internet access to restock online.
Whirlpool central park  (2007)
They are equipped with a satellite radio, a digital picture frame, a DVD/CD player, and a Web tablet with an interactive message board.
Samsung Smart refrigerator (2009)
It contains a detachable LCD screen for innovative food management.
GE Café CFE28TSHSS (2015)
Equipped with smooth-gliding shelves, spill-proof rubberized door bins, LED lights, as well as a hot water dispenser, and kept constant temperatures for preserving food.
LG InstaView Door-in-Door (2021)
Designed to let the user see inside without opening the door, it has five different temperature settings and more usable space due to a full-convert drawer and the largest capacity French Door which reduces trips to the grocery store.

These IoT devices are a great embodiment of technological advances, but many incidents have proved that these appearances are deceptive. According to an annual report on global cyber security, there were 304 million ransomware attacks worldwide in 2020. This was a 62 percent increase from a year prior and the second-highest figure since 2016.

Countries at risk

The table below lists the names of countries that are vulnerable to this kind of data exposure.


Country (non-exhaustive)
Canada
United Kingdom
India
Germany
China
Australia
Thailand

This research is carried out by the search engine "Shodan." After seeing the results of exposed smart fridges, it became clear that these devices have made hacking a child's play, and your entire network could be compromised if a hacker hacks one of such insecure devices.

shodan

What are the causes of data exposure?

Now that we have established that most IoT devices have latent security vulnerabilities let's explore some of the causes of data exposure.

Since all these smart refrigerators have software instead of compressors, they are more susceptible to hacking. This is because of the bugs that are a mandatory part of any software development process. These bugs can potentially become that weakest link, making hacking plain sailing for cybercriminals.

Apart from this, remember how I told you that your smart refrigerator can self-diagnose any technical fault, and signals can be sent from the factory to the fridge, including commands and software updates. Conversely, the manufacturers can also receive data from your smart fridge, and so can a skillful hacker!

Samsung RF28HMELBSR fridge Vulnerabilities

The researchers at Cooltechzone.com investigated an attack on smart-fridge. The malware installed on the fridge was sending out spam emails. Amazingly, 750,000 messages were sent in the spam attack. All the emails were routed through the refrigerator's IP address.

SPAM emails sent via the compromised smart-refrigerator investigated by Proofpoint team.

One of the researchers, Mr. Dymtro, believed that the malware reached the device itself due to the poor security model of appliances. Also, most appliance users didn't change default passwords, which provided a back-door to hackers.

He added that such cyber-attacks on smart appliances would be the norm in the near future due to smart homes' increasing popularity.

Also, in Defcon 23's IoT village, security researchers of Pen Test Partners managed to hack the Samsung RF28HMELBSR fridge – the same refrigerator tested by our team.

The fridge implemented SSL, but it failed to validate the SSL certificates, providing a back-door for a man-in-the-middle attack (MITM). My team managed to capture the communication between smart-fridge and Google calendar service, thereby stealing the Google login credentials.

Gmail login credentials exposed via MITM on the Samsung fridge by Pen Test Partners Team

The Google calendar service is there to plan and schedule the events. Cooltechzone.com Team added that they could have easily sent over content to smart-appliance by attaching tags to calendar entries.

Moreover, the possibility of faking a firmware update to compromise the refrigerator via a malicious custom update was also there. I sniffed the TCP communication packets traveling between Google Services and Fridge. From there, I got the IP address and sent a fake firmware update containing the malicious script to the fridge. I successfully managed to gain access.

The software version and Model name of Samsung smart-fridge required for firmware attack.

Alongside, the fridges terminal has at least two listening services- port 4444 (SSL) and port 8888.

The TCP service on port 4444 requires a client-side certificate for authentication on most client-side requests. The terminal has a very poor validation system, and all CA's are not validated on most requests. Mobile apps also use this service, and the certs are stored in the mobile app code.

We examined and reverse engineered the mobile app, found the certificates stored in a Keystore file. However, the file was encrypted, and we had to break that encryption to get past the certs.

Amazingly, we found the decryption key in the client-side certificate. But, it was obfuscated; we had to reverse engineer to get around it. 

Here is the contents of sniffed TCP packet at port 443:

HTTP/1.1 200 OK

Date: Sun, 26 Sep 2021 12:00:11 GMT

Content-Type: text/html

Content-Length: 12584

Last-Modified: Tue, 14 Apr 2020 04:02:43 GMT

Connection: keep-alive

ETag: "5e9535e3-3128"

Server: Samsung Smart Fridge (Nginx/0.7)

Accept-Ranges: bytes

 

SSL Certificate

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

             04:f7:27:3b:0c:49:5b:95:35:30:13:2e:d3:9d:db:a4:35:e4

        Signature Algorithm: sha256WithRSAEncryption

        Issuer: C=US, O=Let's Encrypt, CN=R3

        Validity

            Not Before: Apr  7 23:28:43 2021 GMT

            Not After : Jul  6 23:28:43 2021 GMT

        Subject: CN=rapidrblx.com

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                RSA Public-Key: (2048 bit)

                Modulus:

              ...

                Exponent: 65537 (0x10001)

        ...

    Signature Algorithm: sha256WithRSAEncryption

       ...

How to prevent smart appliances data exposure?

To tackle this problem, adequate measures must be taken on both ends, i.e., by the manufacturers and customers. In the following sections, we will explore some of the steps that individuals and manufacturers could take to prevent data breaches.

Recommendation for users or customers

The first step towards protecting yourself from data theft is becoming aware of your devices and understanding their functioning, capabilities, and methods to secure them. Change your default settings and set lengthy and strong passwords which are unpredictable.

Another step to secure your personal information is to create a separate email account for your IoT devices or, if possible, create a different account for each IoT device. This will help a lot to protect your privacy and sensitive personal data such as login credentials.

Recommendations for manufacturers

The appliance makers can play a key role in preventing data exposure as the main problem resides within the security model of IoT devices. Some of the practices these manufacturers can include embedding firewalls with blocklist and allowlist support to monitor incoming messages from the web and reject any that were not previously approved.

Usually, the device manufacturers get their control sub-assemblies from a wide network of smaller constructors, occasionally with a worldwide supply chain. Hence, they need to ensure that the sub-assemblies they use are secure from hacks.

Conclusion

The scary part here is that this fridge is still being shipped in the UK and other countries mentioned in the above chapter. Hence, consumers need to be aware of the risks.

Thus, both customers and manufacturers need to play their part in reducing security risks in smart appliances. So if you are planning to buy a smart refrigerator, I won't discourage you from buying it as it could save you a lot of time and money.

But I would warn you to make sure you do thorough research about the product you are purchasing, visit its website, check whether they have a transparent policy for software support, and ask about software updates and other device features.

The above practice should ensure that the smart appliance you purchase makes your life easier, not vulnerable.

Please feel free to comment below if you have had a security incident with your smart refrigerator.

Author
Ozair Malik
A passionate Cyber Security researcher and writer with a keen interest in Digital Forensics. A community worker running a insta blog to raise cybersecurity awareness among laymen.

Leave a comment

click to select