TechnologyTell

Proofpoint reveals ‘Internet of things’ cyberattack

Sections: Features, HVAC, Internet of Things, Lighting control, Remote control, Security, Smart Home

10
Print Friendly
press-01162014

Image courtesy of Proofpoint

 

Today Proofpoint, a security service provider, put out a press release that reveals a cyberattack coming from smart appliances–the first such documented Internet of Things (IoT) attack. More than 750,000 malicious emails were sent from 100,000+ compromised connected home appliances and gadgets, including routers, TVs, and a connected fridge. Considering that the market is flooded with such devices, it brings up some important security questions. Questions that the homeowner may not think to ask. Here’s how Proofpoint described the implications:

Proofpoint’s findings reveal that cyber criminals have begun to commandeer home routers, smart appliances and other components of the Internet of Things and transform them into “thingbots” to carry out the same type of malicious activity. Cyber criminals intent on stealing individual identities and infiltrating enterprise IT systems have found a target-rich environment in these poorly protected internet connected devices that may be more attractive and easier to infect and control than PC, laptops, or tablets.

Apparently, the attack was pretty easy to execute, with the hackers using default passwords that left the devices completely exposed. Unlike computers that either have built-in protection, like Macs, or protective software, the study exposed the great vulnerability that IoT devices have, with “virtually no way to detect or fix infections when they do occur.”

Everything–from smart thermostats to security cameras to microwaves to smart TVs–is at risk. This is a huge blow to major manufacturers like Samsung, Bosch, LG, and others, who just launched major connected appliances for 2014. Just yesterday we reported on Apple’s absence from the smart home market. After this news, it seems like maybe there is some prudence to their delay. Considering that the iOS platform is known to be attack-proof, we look forward to an iOS smart home with built-in protection for a worry-free smart home. We also reported today on the security of wireless locks, in which both manufacturers we interviewed–Yale and Kwikset–reiterated the importance of a well-protected home network. Stay tuned for developments.

10
Print Friendly

10 Comments

  1. Pingback: Smart appliances hacked to send out over 750k malicious emails - The Gadgets Blog

  2. Idiots who install things with no/default passwords deserve everything they get

    Mark An
  3. So ~100,000 various and disparate routers, thermostats, DVRs IP cameras or whatever, devices not used to surf the internet and without any basic programmability except the ability to send a message during an if/then event [power loss, motion trip, furnace "on", etc.] all were individually programmed to send a “malicious email” at the same date and time. It seems this would have cost thousands in $ and man-hours by dozens of individual “ANONs” to set up. The emails went to hundreds (thousands) of different receivers. For what reward? Kudos to Proof-point to dedicate their apparently sizeable staff to “trace route” or whatever process they use to track the emails backwards to the individual MAC addresses to find the threat came from a refrigerator and not a Russian server.

    In addition, I am happy to learn now that the iOS platform is “known to be attack-proof”.

    bob
  4. Pingback: Kodinkoneet hyökkäsivät – onneksi vain roskapostilla | Tietokone Knowledge

  5. Pingback: أختراق عدد ضخم من أجهزة المنزلية الذكيّة وأرسال عدد كبير من الرسائل

  6. Pingback: أختراق عدد ضخم من أجهزة المنزلية الذكيّة وأرسال عدد كبير من الرسائل

  7. Pingback: Connected home appliances used to send 750,000 spam and phishing emails

  8. Pingback: أختراق عدد ضخم من أجهزة المنزلية الذكيّة وأرسال عدد كبير من الرسائل

  9. Pingback: Akıllı ev aletlerinden 750 binin üstünde kötü niyetli e-posta gönderimi yapıldı - Teknoblog

  10. Pingback: 2014-01-21 Weekly IT Security News & Threat Summary » Managed Computer Services - IT Security Specialists