Cyber-attack traced to hacked refrigerator, TVs and home routers
DENVER — A software security company says they have found evidence that hackers are using items like a refrigerator, Internet connected TVs and home routers to send out malicious emails and SPAM.
According to a news release by Proofpoint the global cyber attack involved more than 750,000 malicious emails coming from over 100,000 everyday consumer gadgets. They included home-networking routers, TVs and at least one refrigerator.
Traditionally hackers target personal computers connected to the Internet. Affected computers then retransmit viruses and SPAM.
Proofpoint said it found waves of malicious email between Dec. 23 and Jan. 6.
“More than 25 percent of the volume was sent by things that were not conventional laptops, desktop computers or mobile devices; instead the emails were sent by everyday consumer gadgets,” Proofpoint said in a statement.
Manufactures have expanded Internet connectivity to everyday items like refrigerators and smart TVs creating a so-called Internet of Things (IoT).
IoT includes every device that is connected to the internet – from home automation products including smart thermostats, security cameras, refrigerators, microwaves, home entertainment devices like TVs, gaming consoles to smart retail shelves that know when they need replenishing and industrial machinery – and the number of IoT devices is growing enormously.
Consumers don’t monitor these devices like they would a computer or smart phone, yet they can still be compromised by hackers.
“The ‘Internet of Things’ holds great promise for enabling control of all of the gadgets that we use on a daily basis. It also holds great promise for cybercriminals who can use our homes’ routers, televisions, refrigerators and other Internet-connected devices to launch large and distributed attacks”, said Michael Osterman, principal analyst at Osterman Research.
Proofpoint said the cyber-attack they monitored wasn’t especially sophisticated. “Instead, misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use,” the company said.
“Bot-nets are already a major security concern and the emergence of thingbots may make the situation much worse” said David Knight, General Manager of Proofpoint’s Information Security division. “Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come on-line and attackers find additional ways to exploit them.”