News from “Down Under”, from Smart Company in Australia, is interesting but at the same time, very worrying. Read it here.
As you might know, the security research firm Proofpoint claims to have found a botnet of 100,000 hacked “smart” appliances, including smart fridges, which have been hacked and are being used to send spam. In a release from Proofpoint, a leading security-as-a-service provider, here, it says they have uncovered what may be the first proven Internet of Things (IoT)-based cyberattack involving conventional household “smart” appliances. From their website, it says:
- The global attack campaign involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks.
- As the number of such connected devices is expected to grow to more than four times the number of connected computers in the next few years according to media reports, proof of an IoT-based attack has significant security implications for device owners and Enterprise targets.
- Just as personal computers can be unknowingly compromised to form robot-like “botnets” that can be used to launch large-scale cyberattacks, Proofpoint’s findings reveal that cyber criminals have begun to commandeer home routers, smart appliances and other components of the Internet of Things and transform them into “thingbots” to carry out the same type of malicious activity. Cyber criminals intent on stealing individual identities and infiltrating enterprise IT systems have found a target-rich environment in these poorly protected internet connected devices that may be more attractive and easier to infect and control than PC, laptops, or tablets.
As you can imagine, the tale of the mutant hacked fridges, reported by the BBC (here) has gained the largely uncritical attention of news websites around the world.
But do you believe it? There were a few problems with the methodology used by Proofpoint, the worst being that they were not able to produce any example of the malware used or find a command and control server for the attacks.
That being said, while the methodology used to collect the information might be flawed, the risk it points to – the risk of poorly secured “smart” appliances being hacked – is a very real one.
Read the arstechnica article before you take your fridge to the tip. It’s here.
However, it is critical to remember that each of these smart appliances mentioned in these articles is as much a computer as your desktop, laptop, smartphone or tablet. Often, these smart appliances include web or email servers as key parts of their software. And they will need to be kept secure when they’re connected to the internet, just like any other computer.
A final word of warning: When you go to buy your 50” Smart TV, think carefully about what you’re doing.
Also, Samsung are encouraging people like you and me to upgrade your life with a Wi-Fi enabled refrigerator featuring a brilliant 8” touchscreen that puts access to apps at your fingertips. Check the mornings weather, browse the web for recipes, explore your social networks or leave notes for your family—all from the refrigerator door.