By now we all know the importance of protecting our computers from viruses and malware, but other “smart” home appliances connected to the Internet can also be targeted by hackers. One such recent cyber attack involved televisions and at least one refrigerator.
Computer scientists who specialize in security have been warning about how vulnerable Internet-connected gadgets are. California security firm Proofpoint has discovered a large “botnet” responsible for sending out more than 750,000 malicious e-mails.
“Proofpoint’s findings reveal that cyber criminals have begun to commandeer home routers, smart appliances and other components of the Internet of things and transform them into ‘thingbots,’ to carry out the same kinds of attacks normally associated with personal computers,” the security firm’s information security division general manager, David Knight, said.
These “smart” home electronic devices could become more attractive targets for hackers because they often lack sufficient security.
“Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come online and attackers find additional ways to exploit them,” Knight said.
For two weeks, starting December 23, 2013, the firm documented incidents that featured waves of malicious e-mails sent out in bursts of several thousand, three times per day, targeting enterprises and individuals worldwide.
Devices that were not conventional laptops, desktops or mobile devices sent more than 25 percent of the volume. No more than 10 e-mails were sent from any single device, making the attack almost impossible to block based on location.
Compelling as these findings are, there are plenty of sceptics who say that while the existence of a botnet as described in Proofpoint’s report is plausible, it doesn’t quite add up.
Dan Goodin, a writer for Ars Technica, went through the report with a fine-tooth comb and pointed out that several key findings are missing. He particularly questions the lack of technical details about the software used to compromise the devices and how Proofpoint arrived at the determination that 100,000 devices were commandeered.
“None of this is to say that the reported 100,000-strong smart-device botnet doesn’t exist. And as most students of logic accept, it’s not feasible to prove a negative. Still, the lack of evidence documenting any malware sample or a command and control server should give any reporter pause before repeating such an extraordinary claim,” Goodin writes.