You know how virtually everything these days is connected to the internet? And how tech companies don't give a crap about security? Well, as a recent Internet of Things cyber attack has shown, our appliances are being made to turn against us.
According to the security firm Proofpoint, a number of so-called smart appliances were compromised — what they're calling one of the first orchestrated Internet of Things cyber attacks. Appliances included in the attack included smart TVs, wireless speaker systems, connected multi-media centers, home-networking routers — and at least one refrigerator.
The hackers used these appliances to send out malicious emails to other smart-appliances to grow the size of their botnet, which is an army of infected devices. During the attack, in which appliances are converted into "thingbots," more than 750,000 Phishing and SPAM emails were launched from more than 100,000 everyday consumer gadgets. Botnets are used by hackers to perform large-scale attacks, like denial-of-service attacks, against specific websites by inundating them with traffic. The attacks happened between December 23, 2013 and January 6, 2014.
Talk about a potentially huge problem — especially considering that more and more tech companies are developing smart appliances, everything from smart thermostats to smoke detectors. Relatedly, hackers have also shown that cars can have their computers compromised, resulting in bogus read-out displays, and even be driven by Nintendo controllers.
It's time for developers to wake up to this problem and start thinking about security from the ground-up.
"Bot-nets are already a major security concern and the emergence of thingbots may make the situation much worse" noted David Knight, General Manager of Proofpoint's Information Security division, in a statement. "Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come on-line and attackers find additional ways to exploit them."