Just a few days ago I how Internet of Things is wildly insecure. It seem that the risk has already realized at least on some parts. Call it the attack of the zombie refrigerators. Security experts previously spoke of such attacks as theoretical.
Cyber attack that sent 750k malicious emails traced to hacked refrigerator, TVs and home routers article tells about an incident that may be the first proven “internet of things” based cyber attack involving “smart” appliances. The article says that California security firm Proofpoint tells that they have discovered a large “botnet” which infected internet-connected home appliances and then delivered more than 750,000 malicious emails. More than 25 per cent of the volume was sent by things that were not conventional laptops as the malware managed to get itself installed on other smart devices such as kitchen appliances, the home media systems and web-connected televisions. In this specific spamming incident no more than 10 emails were initiated from any single device, making the attack difficult to block based on location. The fridge was one of more than 100,000 devices used to take part in the spam campaign.
The security firm said these appliances may become attractive targets for hackers because they often have less security than PCs or tablets. Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. And those devices with vulnerable software versions are easy to find.
Those embedded systems should have been more secure than average PC, so what went wrong in making them? The reason is that many companies try to do as little engineering as possible before shipping. The problem with this process is that no one entity has any incentive, expertise, or even ability to patch the software once it’s shipped. And the software is old, even when the device is new. To make matters worse, it’s often impossible to patch the software or upgrade the components to the latest version. All it will take is some easy-to-use hacker tools for the script kiddies to get into the game, and bad things start to happen. Internet of Things use is at the moment expanding very rapidly, and besides on the problems related to how to get it to work the developers should also pay more attention to how to make it secure enough.