Security researchers have discovered the first broad Internet-of-Things cyberattack, targeting household gadgets and appliances, including at least one refrigerator.
Proofpoint, a vendor that offers data protection services, said Thursday it had uncovered an unprecedented hack that encompassed “more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks.”
The large-scale attack is believed to be the first home appliance “botnet,” or a group of computers secretly operated by hackers. And as shown by the tech giant Google’s recent purchase of Nest – maker of “smart” thermostats and smoke alarms that can be controlled via the internet – more and more home devices and products will get individual computer chips and online connections, a phenomenon also known as the Internet-of-Things.
Proofpoint said in a press release that the hack occurred sometime between December 23 and January 6. The hack released waves of malicious email, often sent in spurts of 100,000 three times per day, targeting entities and individuals around the world.
The hack was not exactly refined, nor did it need to be, Proofpoint said, based on user negligence.
“No more than 10 emails were initiated from any single IP address, making the attack difficult to block based on location – and in many cases, the devices had not been subject to a sophisticated compromise; instead, misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use,” Proofpoint said.
The International Data Corporation estimates by 2020, the larger environment surrounding the Internet-of-Things will be comprised of over 200 billion devices connected to the internet, together valued at US$8.9 trillion. In 2012, that ecosystem was valued at $4.8 trillion.
With this rapid growth will come a multitude of items highly vulnerable to cyber-intrusion, according to Proofpoint.
“But [Internet-of-Things] devices are typically not protected by the anti-spam and anti-virus infrastructures available to organizations and individual consumers, nor are they routinely monitored by dedicated IT teams or alerting software to receive patches to address new security issues as they arise.”
With ever more items connected online, privacy is likely to be sacrificed for convenience. Many are raising questions this week about where internet leviathan – and data vacuum – Google is headed with the purchase of Nest.
For US$3.2 billion, Google bought Nest, owned by former Apple officials Tony Fadell and Matt Rogers, in a move that puts the multinational power into the home-hardware business, offering it further access to the behavior of those who use its web services.
Nest is best known for thermostats and fire detectors controllable online and that are capable of self-adjusting based on user-input patterns.
The announcement led to immediate questions about the privacy of Nest customers. In a statement to TechCrunch, Fadell signaled that Nest will only use customer information for “providing and improving Nest’s products and services,” and not for integration with Google’s formidable advertising apparatus.
Yet Google could still use Nest data as input into its overall online advertising and its other web services, sending its ads when a person is at home, for example.
2 thoughts on “Beware the fridge? Hackers targeting ‘smart’ home appliances”
During the past couple years, I’ve had to replace several major appliances. The appliance salesman explained that in the near future, all appliances manufactured are going to be “smart” and we won’t be able to get the old style anymore; but I was able (I think) to get some of the last stupid appliances (I want to be smarter than my appliances) manufactured. I truly want mechanical, not computer-chipped or programmable, appliances. But it looks like these will not be available, when my current ones live out their (probably brief) lifespan. My last washing machine/dryer lasted me nearly 20 years. I do not expect these new ones to last half that long, sadly. I do not want my appliances spying on me or hackable. I can see no good coming of this. I bet U.S. manufacturers would produce “stupid” appliances if we did not have such compartmentalized policy-making dimwits who offshored our manufacturing and force “green” and “smart” technologies on us that we don’t want or need, and PR us into thinking we want them (or just lying and saying that we do, so we have no idea if we are the only ones out there who don’t want them and everyone else is brainwashed, or is this all being forced on an unwilling population but we are made to think we are the only ones).
Like the lightbulbs. How many of us really want the new lightbulbs?
Just don’t buy any new products. Put all discretionary income into war preparations, and start making the move to a simpler lifestyle that doesn’t depend on gadgetry.
There isn’t much that they’re selling that you really need. Most of it has been sold as “modern conveniences” and “labor saving devices”, that aren’t all that convenient, and don’t save all that much labor.
Soaking your dishes in a sink full of hot, soapy water at night gets ’em just as clean as a dishwasher by morning. Same with laundry. Soak your clothes in a tub, run the tough spots over a washboard, hang ’em on a clothesline, and you don’t need their “smart” (spying) washing machine in your house.
You can easily eliminate a lot of these gadgets from your life by simply making better use of your time, and these gadgets are a stupid way to spend the last few dollars you’ll ever have that can actually buy something.