Refrigerator hacked, used to send out spam, ushering in era of 'ThingBots'
Living room TVs, multi-media centers, and at least one refrigerator were used in a recent spam attack, e-mail security firm Proofpoint announced this week. Sure, this is a great opportunity to make jokes about spam not needing refrigeration. Chuckle for a moment, and then consider this: IDC predicts that more than 200 billion "things" will be connected via the Internet by 2020. Almost all of them will have less security than your typical home computer. So while "botnets" of hijacked computers are the playground of hackers today, ThingBots -- compromised door locks, kitchen appliances, interactive televisions, garage door openers, and so on -- will take hacker mischief to a whole new level soon.
The fridge attack, which Proofpoint suggests is the first Internet of Things hacker campaign, took place from Dec. 23-Jan. 6 and featured waves of malicious email, sent in bursts of 100,000. More than 25 percent of the bots used in the attack were "things," rather than computers or mobile phones, the firm says.
Anti-spam technology easily spots a computer sending out thousands of similar e-mails and cuts it off; that's why spammers turn to botnets. They use thousands of compromised machines to send out a trickle of messages, using a time-honored technique that's much harder to detect. In this case, the fridge and other gadgets sent out fewer than 10 e-mails during the entire attack, meaning the e-mail traffic looked perfectly ordinary.
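The detection gap described above, as an added example that is not from Proofpoint or the original article: a per-sender volume check misses devices that each send only a handful of messages, while grouping mail by content across senders exposes the campaign. The thresholds, the fingerprint function, and the sample log are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Assumed thresholds for illustration; real filters tune these per environment.
PER_SENDER_LIMIT = 1000      # messages from one IP before it is cut off
CAMPAIGN_MIN_SENDERS = 50    # distinct IPs sharing one message fingerprint

def fingerprint(body):
    """Collapse digits and whitespace so trivially varied copies hash alike.
    A simplification: production filters use fuzzy hashing and URL features."""
    norm = re.sub(r"[\d\s]+", " ", body.lower()).strip()
    return hashlib.sha256(norm.encode()).hexdigest()[:16]

def per_sender_flags(log, limit=PER_SENDER_LIMIT):
    """Classic volume check: flag any single IP sending more than `limit`."""
    counts = defaultdict(int)
    for ip, _body in log:
        counts[ip] += 1
    return {ip for ip, n in counts.items() if n > limit}

def campaign_flags(log, min_senders=CAMPAIGN_MIN_SENDERS):
    """Group by content instead: flag fingerprints seen from many distinct IPs."""
    senders = defaultdict(set)
    for ip, body in log:
        senders[fingerprint(body)].add(ip)
    return {fp: ips for fp, ips in senders.items() if len(ips) >= min_senders}

def build_sample_log():
    """Constructed (ip, body) records using documentation address ranges."""
    log = []
    for d in range(200):                 # 200 devices, 8 messages each
        for m in range(8):
            log.append((f"198.51.100.{d}", f"Cheap meds now! Order ref {d * 8 + m}"))
    for m in range(1500):                # one noisy bulk sender
        log.append(("203.0.113.9", f"Newsletter blast item {m}"))
    for u in range(20):                  # ordinary one-off mail
        log.append((f"192.0.2.{u}", f"Lunch on day {u}? From user {chr(97 + u)}"))
    return log

if __name__ == "__main__":
    log = build_sample_log()
    print("per-sender:", sorted(per_sender_flags(log)))
    for fp, ips in campaign_flags(log).items():
        print(f"campaign {fp}: {len(ips)} senders")
```

The volume check catches only the single bulk sender; the content grouping surfaces the 200 low-volume devices as one campaign without flagging the ordinary mail.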
"In many cases, the devices had not been subject to a sophisticated compromise; instead, misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use," the firm said in its announcement.
Raise your hand if you forgot to change the default password on your fridge this morning!
"Bot-nets are already a major security concern and the emergence of thingbots may make the situation much worse," said David Knight, General Manager of Proofpoint's Information Security division, in a statement. "Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come on-line and attackers find additional ways to exploit them."
The Internet of Things, I have said before, raises all sorts of exciting possibilities, George Jetson style. But it also threatens to create a George Orwell-like world. Just because we can connect our toothbrushes and milk cartons doesn't mean we should.
Raise your hand if you can't wait to have more things to worry about!