I'm thinking more about a systemic approach rather than a one-off — in other words, surveying all units to identify potential targets rather than evaluating the risk for a single target. Recently we have seen a rise in criminal organizations who target high-profile targets known to be away (e.g. sports figures and entertainers whose schedules are known), and it seems like such a tool could be of use to such orgs as an additional signal — and to broaden their target base to non-celebrities.
Also, while "smart" Samsung fridges are the topic of this article, the concept generalizes to any internet connected devices within "smart" homes which exhibit a combination of "hackable" and revealing-of-occupancy. Samsung refrigerators are unlikely to be the most attractive vector when there are e.g. "smart" light bulbs out there which are vulnerable and never going to be patched because the manufacturer went out of business.
FWIW, I'm not a pen tester or security specialist — just a security-conscious generalist software developer. I see evidence left behind of scanning attacks in web logs, but haven't actually crafted such mass attacks myself.
Also, while "smart" Samsung fridges are the topic of this article, the concept generalizes to any internet connected devices within "smart" homes which exhibit a combination of "hackable" and revealing-of-occupancy. Samsung refrigerators are unlikely to be the most attractive vector when there are e.g. "smart" light bulbs out there which are vulnerable and never going to be patched because the manufacturer went out of business.
FWIW, I'm not a pen tester or security specialist — just a security-conscious generalist software developer. I see evidence left behind of scanning attacks in web logs, but haven't actually crafted such mass attacks myself.