
Samsung’s smart fridge could be used to steal your Gmail login

By Stacey Higginbotham
August 24, 2015, 1:10 PM ET

In yet another example of a manufacturer of a connected product failing to secure said product, Samsung’s connected fridge allows malicious people to steal a consumer’s Gmail login credentials provided they can get on the user’s Wi-Fi network. The exploit, known as a man-in-the-middle attack, is made possible because the Samsung smart fridge lets people link their Gmail calendars to a screen in the fridge’s door so they can see their day’s events.

It’s a handy feature, but when a person logs in, the fridge, which claims to provide SSL encryption, fails to verify that the server on the Google end presents the right certificate before sending it the encrypted data. It just hands the data over. This is akin to a club saying it checks IDs, only to let people in without actually looking at the date on those IDs. Thus anyone on the consumer’s Wi-Fi network could pretend to be Google’s calendar service and snag the consumer’s Gmail login credentials. From there the hacker could wreak all kinds of havoc. Fortune has reached out to Samsung to see what it has to say about the vulnerability.
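The flaw described above, encryption without certificate validation, shown as an added example that is not from the article, Pen Test Partners or Samsung's code. It uses Python's standard ssl module as a stand-in for the fridge's client; the function names are hypothetical.

```python
import socket
import ssl


def weak_context():
    """Encrypts the channel but accepts any certificate from any server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be off before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # the "ID is never looked at" setting
    return ctx


def hardened_context():
    """Requires a chain to a trusted CA and a certificate matching the hostname."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname + system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return a list of reasons this context cannot authenticate the server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    return findings


def open_tls(host, port, ctx, timeout=5.0):
    """Connect only if the context authenticates the peer; fail closed otherwise."""
    findings = audit_context(ctx)
    if findings:
        # Refuse before any credentials could be sent to an unverified peer.
        raise ValueError("refusing unauthenticated TLS: " + "; ".join(findings))
    sock = socket.create_connection((host, port), timeout=timeout)
    return ctx.wrap_socket(sock, server_hostname=host)


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit_context(ctx) or "server identity is verified")
```

A handshake made with the weak context succeeds against any server that speaks TLS, which is why a device on the same network can stand in for the real service; the hardened context makes that handshake fail instead.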

The vulnerability was discovered during a hackathon at the Defcon event earlier this month and covered by The Register Monday morning. Pen Test Partners discovered the weakness and blogged about both the vulnerability and how it systematically tried to attack the fridge.

 

The best part about the blog post is how clearly it shows off the mindset of someone trying to break the security of a connected product. Failure was only a temporary setback brought about because they hadn’t tried the right passwords or had enough time in this particular setting. For example, check out the confidence in this section (emphasis mine):

We pulled apart the mobile app and found what we believe is the certificate inside a keystore. We “believe” we did because it has a name that suggests this. However, it is correctly passworded and we are yet to extract the password that opens the key store. We think we’ve found the password to the certificate in the client side code, but it’s obfuscated and we haven’t got round to reversing it, yet.

The challenge here is that connected products are being put out in the market by manufacturers who aren’t necessarily familiar with the importance of security. In some cases, they are legitimately unaware of the threats, but in others they are taking what they feel is a more cost-effective route, believing that they can just add security later. They cannot: Security must be designed into these products from the ground up. A second challenge is that many vendors are relying on consumers to be far more savvy about security than they are.

The Internet-connected device industry needs to grow up and do so quickly, before consumers lose trust and regulators decide to get involved. Today it’s a security firm demonstrating a vulnerability, but tomorrow it may very well be a team of blackmailing moralists or a group trying to bring down a company.
