|(pc- google images)|
The coding in the mobile app contains a certificate that enables the encryption of credentials between the fridge and the mobile app. The certificate is correctly passworded, but the credential to the certificate appeared to be stored in the mobile app in an obfuscated form. So, if the codes of the certificates are broken down, it will allow the hacker to send commands to the fridge.
Pedro Venda of Pen Test Partners remarked “We wanted to pull the terminal unit out of the fridge to get physical access to things like a USB port and serial or JTAG interfaces, but ran out of time. However, we still found some interesting bugs that definitely merit further investigation. The MiTM alone is enough to expose a user’s Gmail creds.”
This fiasco has created a tensed atmosphere in the Samsung Headquarters. In an open statement, the company ensured that “At Samsung, we understand that our success depends on consumers’ trust in us, and the products and services that we provide. We are investigating into this matter as quickly as possible. Protecting our consumers’ privacy is our top priority, and we work hard every day to safeguard our valued Samsung users.”