Hackers Launch IoT Spam Attack With Smart Appliances

We’ve said it before, but it bears repeating as we enter the era of the Internet of Things (IoT): Anything that’s Internet-connected can be hacked. We’ve seen it recently with TRENDnet IP cameras and warned about it with Nest (even as Google snapped it up in a $3.2 billion acquisition this week). And now, a security company says that a global attack campaign has been launched from household smart appliances.

Proofpoint says that some 100,000 connected routers, multimedia centers, smart TVs, and “at least one refrigerator” sent out 750,000 malicious emails. The attacks occurred between December 23rd, 2013 and January 6, 2014, in thrice-daily bursts of 100,000 spam emails, and hit enterprises and consumers alike, with over a quarter of those messages emanating from non-traditional computing devices.

LG LFX31995ST smart fridge
(Note: There's no evidence that an LG fridge specifically was hacked)

They’ve become “thingbots”--Proofpoint’s term for commandeered IoT devices, by analogy with the “botnets” made up of infected computers--and it’s terrible news, made worse by the fact that there was nothing sophisticated about the attacks. “In many cases, the devices had not been subject to a sophisticated compromise; instead, misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use,” wrote Proofpoint.

The firm also noted that IoT hacks are especially difficult for consumers because, in addition to the devices not having much in the way of security to begin with, users have essentially no way to detect or resolve infections. Thus, for enterprises and consumers alike, fending off IoT attacks consists of protecting themselves on their end instead of fighting the attacks at the source.

So that’s something else we all have to worry about now. Device makers need to work closely with security companies to develop effective security solutions that can be widely deployed on any smart device--sooner rather than later, please.