Internet of Things = Botnet of Things?

Just a few days ago I how Internet of Things is wildly insecure. It seem that the risk has already realized at least on some parts. Call it the attack of the zombie refrigerators. Security experts previously spoke of such attacks as theoretical.

Cyber attack that sent 750k malicious emails traced to hacked refrigerator, TVs and home routers article tells about an incident that may be the first proven “internet of things” based cyber attack involving “smart” appliances. The article says that California security firm Proofpoint tells that they have discovered a large “botnet” which infected internet-connected home appliances and then delivered more than 750,000 malicious emails. More than 25 per cent of the volume was sent by things that were not conventional laptops as the malware managed to get itself installed on other smart devices such as kitchen appliances, the home media systems and web-connected televisions. In this specific spamming incident no more than 10 emails were initiated from any single device, making the attack difficult to block based on location. The fridge was one of more than 100,000 devices used to take part in the spam campaign.

The security firm said these appliances may become attractive targets for hackers because they often have less security than PCs or tablets. Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. And those devices with vulnerable software versions are easy to find.

Those embedded systems should have been more secure than average PC, so what went wrong in making them? The reason is that many companies try to do as little engineering as possible before shipping. The problem with this process is that no one entity has any incentive, expertise, or even ability to patch the software once it’s shipped. And the software is old, even when the device is new. To make matters worse, it’s often impossible to patch the software or upgrade the components to the latest version. All it will take is some easy-to-use hacker tools for the script kiddies to get into the game, and bad things start to happen. Internet of Things use is at the moment expanding very rapidly, and besides on the problems related to how to get it to work the developers should also pay more attention to how to make it secure enough.

2 Comments

  1. Tomi Engdahl says:

    Security for the ‘Internet of Things’ (Video)
    http://it.slashdot.org/story/14/03/26/1939203/security-for-the-internet-of-things-video

    What happens when your oven is on the Internet? A malicious hacker might be able to set it to broil while you’re on vacation, and get it so hot that it could start a fire. Or a prankster might set your alarm to wake you up at 3 a.m. – and what if someone gets access to the wireless security camera over your front door and uses it to gain access to the rest of your home network, and from there to your bank account? Not good.

    Reply
  2. Tomi Engdahl says:

    A Simple Explanation Of ‘The Internet Of Things’
    http://www.forbes.com/sites/jacobmorgan/2014/05/13/simple-explanation-internet-things-that-anyone-can-understand/

    The new rule for the future is going to be, “anything that can be connected, will be connected.”

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*