Using Samsung's Internet-enabled refrigerator for man-in-the-middle attacks:

anvilfour

In the summer of last year Samsung brought out their RF28HMELBSR smart fridge, the successor to the RF4289HARS from two year previous.
The fridge is part of Samsung’s line-up of Smart Home appliances which can be controlled via their Smart Home app.

Man in the middle attack

Whilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google's servers to download Gmail calendar information for the on-screen display.
So, MITM the victim’s fridge from next door, or on the road outside and you can potentially steal their Google credentials.
The notable exception to the rule above is when the terminal connects to the update server - we were able to isolate the URL https://www.samsungotn.net which is the same used by TVs, etc. We generated a set of certificates with the exact same contents as those on the real website (fake server cert + fake CA signing cert) in the hope that the validation was weak but it failed.
The terminal must have a copy of the CA and is making sure that the server's cert is signed against that one. We can't hack this without access to the file system where we could replace the CA it is validating against. Long story short we couldn't intercept communications between the fridge terminal and the update server.

The bottom line is that this is enough to see someone's Gmail credentials.

See full article : http://www.pentestpartners.com/blog/hacking-defcon-23s-iot-village-samsung-fridge/

_Tombstone_

None of IOT (internet of things) is gonna be secure for years id reckon.