Security firm Proofpoint is reporting that one of the first Internet-of-Things cyber attacks recently happened, and it involved a refrigerator.
The Internet-of-Things refers to household gadgets that can be connected to the Internet, and Proofpoint warns that hackers are now able to use them to send out compromising emails.
According to Proofpoint, the massive attack happened between December 23 and January 6 and consisted of, “more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks.”
“No more than 10 emails were initiated from any single IP address, making the attack difficult to block based on location – and in many cases, the devices had not been subject to a sophisticated compromise; instead, misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use,” said Proofpoint in their report. “But [Internet-of-Things] devices are typically not protected by the anti-spam and anti-virus infrastructures available to organizations and individual consumers, nor are they routinely monitored by dedicated IT teams or alerting software to receive patches to address new security issues as they arise.”
David Knight, general manager of information security for Proofpoint, says that there is not much the owner of a smart device can do to stop this from happening.
"I don't think a consumer should be expected to know and fix if their refrigerator has been compromised," said Knight. "The industry is going to have to do a better job of securing these devices."
"People should be concerned,” warned Knight, “because unlike PCs and laptops where there are tools and user interfaces where you can tell if something is wrong, there's not a lot to help you tell if your fridge or home audio system has been compromised.”