A Blog by Jonathan Low

 

Jan 18, 2014

Hackers Use Smart Refrigerator to Launch Cyberattack

Drones, malware, Chinese military internet spies and the Russian cyber-mob. We've been warned. But it's too late; they're inside the wire.

The first cyberattack has been launched using connected appliances, including a programmable refrigerator. Televisions, thermostats and home-networking routers were also in on the scam. Who knew that all those cute gadgets you can buy at Home Depot had secretly mobbed up?

It seems that more than 100,000 boring, quotidian home electronic devices were linked together to generate the necessary scale to generate the resultant malicious emails. We have known for years that personal computers could be hacked in order to create hidden networks - and that certain western militaries had actually experimented with this concept to test it.

But your refrigerator? The kitchen shrine! And over the Christmas holidays when all those delicious left-overs and adult beverages are innocently nesting? What's next, crockpots?

Actually, park that: good idea.

This does make Google's acquisition of Nest seem just a tad more sinister. Just imagine if you purchased some less well known foreign brand (whatever foreign means to you) because a promotion was being offered, only to discover the manufacturer is a subsidiary of that country's army - a pretty reasonable assumption in much of the world - and that they added a little something extra to the design, just, you know, in case...

So welcome to your world. And save those discount coupons. JL

Brandon Griggs reports in CNN:

It's being called possibly the first proven cyberattack to originate from connected appliances -- the so-called "Internet of Things."
It's bad enough that we have to fear identity thieves who are trying to scam us with malicious messages sent from PCs.
We now must worry about being targeted by our household appliances, as well.
An Internet-security firm has discovered what they are calling a global cyberattack launched from more than 100,000 everyday consumer gadgets such as home-networking routers, televisions and at least one "smart" refrigerator.
Proofpoint said the attack occurred between December 23 and January 6, and featured waves of malicious e-mail targeting businesses and individuals worldwide. In a post on the Proofpoint site, the company said the scam involved more than 750,000 e-mails from more than 100,000 appliances that had been commandeered by "thingbots," or robotic programs that can be remotely installed on digital devices.
It was not immediately clear Friday which victims were targeted and whether the scammers were successful in collecting any personal information.
"Bot-nets are already a major security concern and the emergence of thingbots may make the situation much worse," said David Knight, general manager of Proofpoint's Information Security division. "Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. [We] may find distributed attacks increasing as more and more of these devices come online and attackers find additional ways to exploit them."
Recent years have seen an explosion in the number of devices fitted with Internet connectivity, from eyewear to toothbrushes to refrigerators and beyond. Earlier this week, Google paid $3.2 billion to acquire Nest, a company that makes smart home thermostats.
Proofpoint's findings suggest that just as personal computers can be unknowingly compromised and used to launch large-scale cyberattacks, so can any smart household appliance. And poorly protected "smart" devices may be easier to infect and control than PCs, laptops or tablets.
A sophisticated hack was not needed to compromise the appliances in this attack. Instead, the use of default passwords left the devices completely exposed on public networks, according to Proofpoint.
The company also noted that connected appliances typically aren't protected by anti-spam or anti-virus software, nor are they routinely monitored for security breaches.

0 comments:

Post a Comment