What if, someday, hackers could use devices like your TV or your refrigerator to send malicious emails that infect other internet-connected devices all over the world? Well, buckle up, because that "someday" is today.
Sunnyvale, Calif.-based security firm Proofpoint, Inc. uncovered what it calls an "Internet of Things"-based cyber attack involving household devices. The attack was global, Proofpoint says, and targeted 100,000 everyday consumer gadgets, essentially turning them into bots that sent more than 750,000 malicious emails.
Instead of hacking into traditional computers, this attack targeted devices such as home-networking routers, connected multi-media centers, televisions and at least one "smart" refrigerator. The attack occurred between December 23, 2013 and January 6, 2014.
Related: The Connected Home: A Huge Opportunity But Slow to Catch On
"No more than 10 emails were initiated from any single IP address, making the attack difficult to block based on location -- and in many cases, the devices had not been subject to a sophisticated compromise," Proofpoint says. "Instead, misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use."
One big problem is that many of the smart home devices come ready-to-use right out of the box. They're so easy to use, many people don't think about creating a password or changing the factory-provided password. Failing to set your own password makes internet-connected devices easy prey for hackers.