Smart Appliances and Other SPPDs Hacked
Is there Spam in your refrigerator? If so, you better hope it comes from Hormel Foods, because it finally happened: the first confirmed report of a smart refrigerator involved in sending malicious spam emails.
California-based Proofpoint Inc. revealed some details last week about what they are calling an ""Internet of Things"-based cyber attack involving smart home appliances that took place between December 23rd 2013 and January 6th 2014. So if worrying about all the more familiar threat vectors aiming to assault your network on a daily basis wasn't already enough, now you've got to think about things like televisions, multi-media platforms, home routers, gaming systems, and yes, even smart refrigerators being recruited by nefarious hackers that are up to no good. And with more Smart Personal Peripheral Devices (SPPDs) coming online all the time, it's time to keep them in mind as they crack the list of potential cyber threats.
Time to cull the herd
The attack they reported was global, affecting more than 100,000 consumer gadgets which were basically Shanghaied into serving as part of a botnet. A botnet is a collection of compromised systems and/or devices used by a "bot herder/bot master" as a platform to launch more orchestrated attacks, like sending malicious emails or instigating a Distributed Denial of Service (DDos) attack. In this case, over 750,000 malicious emails were sent by the herd, with full quarter of that spam traffic coming from those far less traditional and often overlooked SPPDs. The attacker(s) also played it smart, limiting each compromised SPPD to send no more than 10 emails, making it a much harder to block specific IP addresses by location to thwart the attack.
How did the hackers get in?
As is often the case when dealing with cyber attacks, human error was largely at fault. In this case, complacency related to setting strong passwords can be blamed for most of the fires. When a consumer gets their new smart refrigerator, TV or entertainment center home, they are ready to plug it in and start using it. So when prompted to set a password, a quick tap on enter sets the manufacturer's default password and away they go. After all, who would want to hack a refrigerator, and why? Well, now you know. The lesson to take away from this is that any time you are prompted to set a password, do it, and make it a strong combination of letters with different cases, numbers and special characters when at all possible.
Another thing to keep in mind is that many of these devices, up to now, are designed with convenience in mind, not security. So don't be afraid to ask questions and get educated on your new device's connective capabilities. It's not a far leap to have a smart home appliance access your smartphone through the handy Wi-Fi or Bluetooth application that came with it, causing a cross-over infection that you can then spread to another system or device, or even your business network.
Smart Appliances - New Industry, New Security Problems
Hopefully this incident will be a real wake-up call to SPPD designers going forward, because if they are going to make devices that "plug in" to the digital world we all share, the bullies and bad guys will be out there lying in wait to leverage them for their own sinister ends ... at your expense.
At Global Digital Forensics, we keep an eye on the most current threat trends and how they can affect you and your business. For a free consultation with one of our specialists to discuss what cyber security solutions may be right for your unique situation, call 1-800-868-8189 today.