Internet of Things, Refrigerator Hacked: The More We Connect, The More We Must Protect
Just as the "Internet of Things" (IoT) - the interconnected world of appliances, gadgets, medical devices, wearables, and media centers - was just getting off the ground, the first ever cyberattack on smart appliances took place this week, according to security service Proofpoint.
Once again, the idea - that the more things you connect to the internet (or to each other), the more opportunities for tech-talented nefarious persons to mess with your life - has been proved correct.
A "global attack campaign" as the security service Proofpoint, Inc. put it, was uncovered earlier this week, involving more than 750,000 malicious emails and more than 100,000 "everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks."
Cyber criminals are now beginning to take over home routers, media centers, and even your "smart" refrigerator. Proofpoint's reporting puts the attack between Dec. 23, 2013 and Jan. 6, 2014, in which "waves of malicious email," sent in bursts of 100,000 up to three times a day were sent out from internet-connected devices.
The new thing, which makes the security researchers think this "may be the first proven Internet of Things (IoT)-based cyberattack" is that more than a quarter of the volume of malicious emails recorded were not sent by laptops, desktops, or mobile devices like tablets or smartphones. Instead, the emails were sent by home-networking routers, connected multi-media centers, smart TVs, and - the coup de gras that proves not all tech news hyperbole is unwarranted - at least one internet-connected refrigerator.
The attack was spread out over many devices, locations, and networks, so the finding the exact origin of the attack - and any attempt to block it - were very difficult. In a lot of cases, the devices that hackers had zombie-fied and used to send out their malicious emails were not hacked, but rather had been misconfigured or mal-configured with default passwords or keys.
But then again, you don't think to lock up your smart dishwasher the way you do with a laptop.
Bot-nets are already a major security concern and the emergence of thingbots may make the situation much worse" said David Knight, General Manager of Proofpoint's Information Security division in the company's release. "Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come on-line and attackers find additional ways to exploit them."
Market researchers such as IDC and Gartner are saying the Internet of Things is coming in a big way - with anywhere from 26 billion to 212 billion connected devices forecast to be in our lives by 2020.
Mobile security company Lookout put it best in its exposition on why it decided to hack a Google Glass device using a lowly QR code (those square black and white checkerboards you often see on advertisements):
"The benefits that these intelligent, connected devices bring to our lives are almost too numerous to count. However, when we gift these things with intelligence and senses, we also fundamentally change their very nature. Mundane objects, once familiar in appearance and completely unremarkable from a security perspective, suddenly become the guardians of sensitive data, ranging from sensitive financial information to detailed telemetry about personal aspects of our lives."
Or put more succinctly: The more we connect, the more we must protect.
Subscribe to Latin Post!
Sign up for our free newsletter for the Latest coverage!