As we saw at CES this year, “smart” or Internet-connected items are all the rage this year. But unfortunately a recent cyber-attack shows us just how vulnerable we become by connecting our home appliances and other items to the Internet. Proofpoint, an Internet security firm, issued its findings of a recent hacking attack which sent 750,000 malicious emails to unsuspecting recipients. And the vehicles they used to send those emails? In some cases, your very own refrigerator may have been used.
Security researchers uncover hacking attack
The firm said it uncovered a sizeable botnet of Internet-connected appliances. That botnet was reportedly responsible for sending out the malicious emails. According to the firm, Proofpoint breached home networking routers, smart televisions, connected multimedia centers and even at least one refrigerator. The hackers then used their access to create a botnet, which they used to send phishing emails. In most cases, the owners of the so-called “smart” devices had no idea their appliances were even being used for these malicious attacks.
Australian website The Age reports that in the past security researchers saw a cyber-attack like this one as simply theoretical. Now they know that this is indeed possible. Such attacks were once commonly carried out using botnets created by breaching home PCs.
Why hackers may be interested in smart devices
One of the main reasons researchers believe that connected devices post an attractive target to hackers is because they often have less security than PCs or even tablets. These types of devices are so new that security isn’t yet a major concern, but that could change after this attack.
According to Proofpoint, the malicious emails were sent between Dec. 23 and Jan. 6. Usually they were sent out in batches of 100,000 emails three times a day. They reportedly targeted individuals and even enterprises around the world. More than a quarter of those emails were sent by connected appliances or devices which were not PCs, laptops or mobile devices. However, only up to 10 emails were sent from each device, so it was difficult to block the attack based on location.