A future in which our fridge tells us to add cold meat to the grocery list sounds promising, however, no one counted on a refrigerator’s capability to send us spam. Recruited into a cyber army that included 100,000 smart devices, a vulnerable smart refrigerator was hacked to send out spam e-mails.
The first recorded domestic electronic botnet attack, reported by Proofpoint Inc., occurred between December 23rd and January the 6th. Proofpoint, which provides security services to enterprises, tracked the “thingbot” attack and reported that adept hackers commandeered the consumer electronic devices to launch 750,000 spam e-mails in hourly batches of 100,000. Routers, connected media centres, mp3 players, and smart TVs were part of the guerrilla force, as well.
Security analyst Michael Osterman explained: “Internet-enabled devices represent an enormous threat because they are easy to penetrate, consumers have little incentive to make them more secure, the rapidly growing number of devices can send malicious content almost undetected, few vendors are taking steps to protect against this threat, and the existing security model simply won’t work to solve the problem.”
Weakly protected, the Internet of Things is exposed to threats from cyber criminals. Many users of these smart appliances, which received a big market push during this year’s CES, maintain the default passwords. Other users expose their home devices through faulty configuration. Proofpoint´s general manager of information security, David Knight, told the BBC that these devices generally do not have a virus detection system to alert users that malware is infecting their appliances.
The wily hackers ensured that the bot would not send out more than ten spam e-mails from the same IP address. IT security teams were thus thwarted in their attempts to block the attacks by location.
The attack serves as a warning about this threat. Hackers controlling extensive botnets can spread malware and e-mails containing Trojan Horse viruses. In the US, cybercrime costs the government $100bn each year.
Consumers need to consider security standards for their smart home devices. So consumers aren’t charged with covering all their devices with anti-viral programs, manufacturers might engineer protection into these devices in the design phase.