We have maintained for some time that connected applainces are bad but now researchers have uncovered the very first wide-scale hack that involved television sets and at least one Wi-Fi enabled refrigerator.
This is the first recorded instance of a home appliance “botnet” and the first cyberattack from the "Internet of Things", devices that are not normally connected to the internet that have been given the ability to be connected to the web.
In short, this means that the applainces are secretly being controlled by hackers to send spam or do other not very nice things.
It is reported that hackers broke into more than 100,000 everyday consumer gadgets, such as home-networking routers, connected multi-media centers, televisions, and at least one refrigerator, says security specialist Proofpoint.
They then used those objects to send more than 750,000 malicious emails to enterprises and individuals worldwide.
“Internet-enabled devices represent an enormous threat because they are easy to penetrate, consumers have little incentive to make them more secure, the rapidly growing number of devices can send malicious content almost undetected, few vendors are taking steps to protect against this threat, and the existing security model simply won’t work to solve the problem,” explained security analyst Michael Osterman.
“Bot-nets are already a major security concern and the emergence of ‘thingbots’ may make the situation much worse,” added Proofpoint security manager Dave Knight.
As if we didn't have good enough reason to advise people to stay away from connected applainces owing to the very limited use that they have, we now have even more reason to tell people to steer well clear of them.
In its press release, Proofpoint explains:
- The hack happened between December 23, 2013 and January 6, 2014, and featured waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting enterprises and individuals worldwide.
- About three-quarters of the emails were sent by regular computers, but the rest, slightly more than one-quarter, were sent by hacked home appliances.
- Hackers didn’t have to be amazingly smart when breaking into home appliances. Many times they gained access because the home owners didn’t set them up correctly, or used the default password that came with the device.