Skip to content
Naked Security Naked Security

The Spy, sorry, The Fridge Who Loved Me

More IoT devices, greater connectivity, voice control via the cloud, a smarter home... but what about security?

We’ve already written about some of the, errrr, indispensable new smart home products that emerged at the recent CES show in Las Vegas.

That’s a massive annual event for the consumer electronic industry (indeed, CES, which now just stands for CES, used to be an acronym for Consumer Electronics Show).

CES is where the connected devices of the future – ones that that you didn’t even know you needed, let alone might ever want – are there on promissory display amid all the va-va-voom of Vegas.

There’s a haptic hairbrush that tracks your brush strokes lest you find yourself doing it wrongly.

There’s a smart bed that lifts your head if it thinks you’re snoring, warms your feet if they get cold, and keeps track of who knows what else besides that goes on in your bedroom.

The seductive problem with many of these devices is that the data that they collect – like the trichological tracking performed by L’Oreal’s Hair Coach, your personalised tonsorial tutor – seems harmless enough to give away.

After all, if your hairbrush strokes, or the semi-random movements you make subconsciously while asleep, should end up collected, collated, sold to the highest bidder, shared, breached and then sold again on the underground…

…how would that compromise your privacy, safety or security?

The answer is that it might not, at least right now, but as more data gets collected, as computers get faster, and as data mining and matching techniques improve…

…data that has any sort of connection to you, no matter how vague it might seem, can be searched, sorted, collated and matched with other data sets to provide a profoundly detailed picture of where you go, what you do, when you do it, what your mood was like at the time, and much more.

LEARN MORE: The Big Data picture – just how anonymous are ‘anonymous’ records? ►

It gets worse.

As we wrote last week, some of the cool new CES devices aren’t just about capturing data that only a determined data miner of the future might ever find a way to exploit. (As cryptographers like to say, attacks only ever get faster.)

The charmingly misnamed Ocean Medallion, for example, acts as a sort of super-duper turbo-charged cabin key on boat cruises – one that also manages your purchases, monitors your location, and allows not only your family but also cruise staff to keep track of you on board and online.

And it gets even worse than that.

LG, for example, really rowed out the boat at CES, announcing a product with “industry-leading technologies [that] offer intuitive control, home management, bringing new meaning to kitchen as heart of the home.”

You’ve probably guessed what it is, if the headline above didn’t give you a clue: it’s a fridge.

Taking cooling to new heights

Make no mistake, on-demand refrigeration is one of the truly useful advancements to come out of the industrial revolution, and it’s hard to imagine turning against that aspect of the technology.

But LG has produced a refrigerator that takes cooling to new heights – or lows, depending on your viewpoint.

The Smart InstaView Door-in-Door fridge does more than challenge your sense of linguistic fair play; it also brings privacy concerns right into the kitchen.

There’s Alexa integration, so you can search and shop simply by talking to your fridge.

There’s a camera inside that hooks up via Wi-Fi so you can look inside from your phone while you’re at the supermarket to see just how much mustard is left in the jar.

And there’s a feature ominously called Smart Tags that will keep track of when individual items are going to go past their use-by dates.

LG pitches this fridge on the basis that “for many families, the kitchen is one of the busiest rooms in the house,” which implies both adults and children coming and going, talking and interacting, planning and eating, giving away plenty of personally identifiable information and family secrets along the way.

So you’d expect security to be written large in any material that talks up this home refrigeration behemoth.

But it’s all about fun, apparently, with LG’s Song Dae-Hyun, president of LG Electronics and Home Appliance & Air Solutions Company, saying, “Our Smart InstaView Door-in-Door refrigerator will allow users to enjoy their kitchen experience like never before.”

Indeed, the one word conspicuous from all the material we’ve seen so far welcoming this device to the market is security.

What to do?

At this stage, there isn’t much you can do, except to put privacy and security on your must-get-it-right-or-I-won’t-buy-it list, even if you’re habitually an early adopter of cool new technology.

This year, if CES is our guide, many more devices, even entry-level ones, will get automated voice recognition, for example via Amazon’s Alexa like LG’s smart Instaview, and built-in Wi-Fi connectivity intended to make it easy to access them remotely.

Indeed, according to Ars Technica, LG’s VP of Marketing suggested during CES that, from now on, all the company’s home appliances will feature “advanced Wi-Fi connectivity.”

That means many devices will need to connect to the cloud and upload data to other people’s servers as a matter of course – Alexa, for example, doesn’t figure out what you said using the stripped-down processor in the device, but by sending your voice samples into the cloud to be processed in one of Amazon’s mighty server farms.

If you vote with your chequebook, or for that matter with your chip-enabled payment card, you will help to persuade the vendors who flock to CES to put privacy and security on their own must-get-it-right-or-we-won’t-sell-it lists, too.


Back in 2001 or so my regular lunchtime coworkers and I found ourselves meandering through Best Buy or Lowes and past a new washer festooned with the (now common) LED screens to replace the traditional knob-and-button approach. I commented on how the appliance would assimilate well at NORAD, and my deadpan buddy replied how “it even has an Internet connection.”

Though taken aback I immediately envisioned remote delayed start**, detergent-supply check and “job complete” verification. I asked “really?!” and looked down at the spec sheet. Then he laughed and admitted he’d been joking.

** irrespective of how a simple timer can accomplish the same

I’m gonna call good ol’ Tim right now; the charaltan thinks he fooled me, but I was merely ahead of my time.


Personally I have never had any luck with anything I have purvchased that was manufactured by “Lucky Goldstar”. They have always failed so miserably that I gave up on anything produced by that company so I will not be buying a “smart” fridge from them, or anyone else…


I guess this means I’ll be tracked next time we take a cruise. No options for a simple key anymore?

What would you do if you paid a bunch of money for a cruise and the only option is a key-fob tracker. Do you get to the boat and not go?

How do you show your displeasure? Seems the only option is to threaten, via snail mail not to use them again. :)


Perhaps you could write to them and demand they hand over all the data they have on you and then tell them to delete it.


What bugs me the most is that, except this one, NO article on any of the new gadgets has mentioned the word security even once. Now, I might be a jaded old IT curmudgeon, but that’s the FIRST thing I check into. (And, so far, I haven’t found any device that’s even moderately secure.


Except, no data are ever really deleted :)


Except when it’s data that no one else wants but is really, really vital to you (like that college assigment the night before it’s due)…

…in those cases, delete always seems to mean, “Gone. Really, honestly, gone. Have a happy all-nighter typing it all back in again; see you at the 24-hour coffee shop at 03:57.”


a new spy thriller coming soon to a theater near you…
Downvote: Shoot the Messenger

I appreciated the tongue-in-cheek comment Duck, despite when I was in college the ratio of grade detriment claimed between playing pool and digital calamity was one infinity percent.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!