Your smart fridge may kill you: The dark side of IoT

Lack of clear and transparent policies about software updates make these devices extremely dangerous

terminator fridge
Swapnil Bhartiya

When was the last time you bought a fridge? Probably when you brought a new house. Out previous fridge lasted more than 15 years. According to H & R Block, the average lifespan of a fridge is about 13-17 years.

But what's the lifespan of a smart fridge? Any clue? The answer may be "the same 13-17 years." Wrong. The right answer is "no one knows."

Smart fridges are yet another example of IoT (internet of things) devices done wrong. Like any other IoT device, the heart and soul of these refrigerators is the software and not the compressor. If you sell that soul to the devil, if you corrupt that heart, your fridge will turn to the dark side. It will turn against you.

These IoT refrigerators are connected to your network. They are connected to all your devices. They are connected to the internet all the time. Without any supervision by you.

We all know that bugs are part of the software development process. No software is immune to bugs and many of these bugs can become security holes that can be exploited by cybercriminals, spy agencies, and oppressive governments who relentlessly keep looking for such holes.

Nowadays these attackers don't have to hack into your laptop or PC by breaking security features built into these devices. IoT devices have become low-hanging fruit for them. They can simply hack one of your insecure-by-default IoT devices and compromise your entire network. Once they're inside your network, they have access to all of your devices.

Your smart fridge poses a much serious threat to your life than your laptop. I'm not trying to frighten you. This is no fear mongering. It's real. Have you seen that episode of Mr. Robot where the F Society hacks into the IoT devices to take control of the entire house?

However, it's not fiction anymore. The real threats that these so-called IoT devices pose are real.

Let me explain why.

If you check the warranty page of Samsung's Smart Fridge, you won't find a word about software. There is literally no mention of how long the product will get software updates. You will find a stark contrast when you visit Tesla's support page where you will find dedicated pages on software updates.

When I didn't find any software related information on the support pages of major vendors that are selling IoT or smart fridges, I reached out to Samsung and LG over email. None replied. I contacted their official support accounts on Twitter, and both Samsung and LG failed to give concrete answers about software support on these IoT refrigerators.

But why should it matter to an average user?

A smart fridge, or any IoT device, is connected to your local network, it's accessible over the internet. It's just like any other computer in your household. Since companies like Samsung or LG don't have any transparent software support policies, I have no idea if my IoT fridge is getting updates to patch security holes. I also don't know for how long these companies will offer software updates to my IoT fridge, because after that time I am exposed to every kind of cyberattack

Last year, cybercriminals turned smart devices into zombies and used them for launching massive DDoS attacks that brought down a huge chunk of the internet.

Your unpatched, insecure fridge can be turned into a zombie IoT device to launch even more sophisticated attacks.

It's not just about using your fridge to launch attacks on others, it will compromise your own security since the fridge has direct access to your network. It can be used to spread malware across other devices in your home. Your fridge can be used to steal or leak sensitive information from your computers. The compromised fridge can be used to spy on you.

Worst of all, your fridge can kill you and your friends. Literally.

As a science fiction writer, I can think of dozens of scenarios where an insecure fridge can literally kill you. I am working on a techno-thriller where a group of hackers take control of an unpatched smart fridge and turns the freezer down every night. All the meat stored in the freezer rots. The owner throws a party, inviting 20 colleagues from office. All get severe food poisoning from meat and poultry. Two die. Exactly what the group of hackers achieved by doing that is the plot of the story which I am not going to reveal here. But the point is, it's possible.

The problem lies in the business model of smart devices

I am all for IoT. I couldn't be more excited to experience and explore the possibilities that connected devices create. What I am against is that these companies are rushing in to exploit the new possibility that connected devices offer, without any clear and actual vision of what real value a smart device like a fridge would bring to a user.

All of the leading smart fridge vendors are hardware manufacturers. They make money by selling more hardware to customers. They keep looking for the new buzzword, which currently is IoT. They may move to the next buzzword next year, leaving all these smart devices insecure and vulnerable.

When I think of IoT, I envision a new product category that actually introduces new concepts in our lives, a product that identifies and solves many existing problems. Other than being able to control my fridge from my smartphone, I really see no additional value.

These are not the Teslas of the refrigeration world, that's why I call them "so-called" IoT refrigerators. So when I look at the potential risks due to unclear policies around software updates and compare them with the benefits I get out of these expensive devices, I don't feel excited. I feel worried.

If you're planning to buy a so-called IoT refrigerator, my advice is: don't invest a dime in such devices until companies like Samsung, LG, Whirlpool, or whoever else is selling these devices come out with a very clear and transparent policy around software support for them.

If you do plan to buy a smart fridge, go to the store and inquire about software updates. Ask them very clearly for how long your fridge will get updates and what happens after it stops getting updates.

Don't let these smart devices fool and kill you!

This article is published as part of the IDG Contributor Network. Want to Join?