A smart refrigerator was among the more than 100,000 appliances and devices used by hackers to send out spam emails. According to researchers at Proofpoint, a California-based security group, they discovered that cyber criminals have found a way to take control of ordinary appliances which are connected to the internet and transform these into “thingbots” that will do malicious activities. A thingbot and a botnet are a series of computers that seem to be ordinary computers outside but are actually being controlled by hackers from elsewhere.
Initial reports suggest that this may be the first instance of a cyber attack coming from the “Internet of Things.” The Internet of Things pertains to the concept where devices and appliances in a household get their own computer chips, software and access to the internet. These smart devices can include: smart water meter, thermostat, door locks, microwaves, security cameras, gaming consoles or a smart refrigerator.
The attack as observed and recorded by Proofpoint, happened between December 23, 2013 and January 6, 2014. During this period, series of malicious emails usually sent in bursts of 100,000 and sent thrice a day have targeted individuals and businesses around the world. Contrary to what is expected, instead of the usual laptops, desktop computers or mobile devices as the primary suspects, ordinary home-networking routers, televisions, multi-media centers and a refrigerator were also used by hackers to send out spam emails. More than 25 percent of the attacks came from these regular household devices which usually do not have malware protection.
The cyber criminals used these smart devices and appliances to send out more than 750,000 malicious emails to individuals and corporate recipients. According to the researchers, cyber criminals gained access to these devices because of the home owners’ failure to properly configure the devices or they may have used the default password that comes with the devices and have not changed it after using the devices or appliances.
Proofpoint said that these attacks can raise “significant security implications for device owners,” especially in light of the expected rapid increase in the use of these smart devices at home. Based on International Data Corporation, a research and market insight provider, by year 2020 there will be an estimated 200 million devices connected to the internet. According to Proofpoint’s General Manager David Knight, “Bot-nets are already a major security concern and the emergence of thingbots may make the situation much worse.”
Smart refrigerators are equipped to sense what food product are placed inside, when the food will be replaced, adjust the temperature or to alert the owners on when will the foods expire. However, the smart refrigerator can only work and perform its functions if the food packaging has a Radio Frequency Identification (RFID) tag. In some smart refrigerators, it can even suggest possible recipes given what foods are still available inside.
Yet with these high-tech features also comes the reality that owners have no way to determine and fix the infections if ever this occurs in their smart appliances. Thus, a single refrigerator used by hackers to send out spam emails to unaware victims may also indicate of something worse to come.
By Roberto I. Belda