Et tu, refrigerator?
A new report shows cyberattacks aren’t relegated to laptops anymore: Now, even a fridge or a TV can send malicious emails.
Security firm Proofpoint has uncovered a cyberattack that involved the hacking of “smart” home appliances connected to the Internet. Hackers broke into more than 100,000 gadgets -- including TVs, multimedia centers, routers, and at least one fridge – and used the appliances to send out more than 750,000 malicious emails between December 23 and January 6.
The attack also included compromised laptops and tablets, but Proofpoint said about 25% of the emails were sent from appliances beyond the traditional Internet-connected gadgets.
According to Proofpoint, the cyberattack could be the first proven breach of the so-called “Internet of Things”: an exciting tech trend that promises a Jetsons-like future, with all of our home appliances and other gadgets connected to one another.
But as smart home devices – like Nest, the thermostat and smoke detector company Google bought for $3.2 billion this week – continue to grow more popular, Proofpoint’s report is a sobering reminder that anything connected to the Internet can potentially be hacked.
“The ‘Internet of Things’ holds great promise for enabling control of all of the gadgets that we use on a daily basis,” said Michael Osterman, principal analyst at messaging-focused research firm Osterman Research, wrote in Proofpoint’s report. “It also holds great promise for cybercriminals … to launch large and distributed attacks.”
To launch those types of large-scale attacks, hackers link up compromised devices to create what’s called a botnet: an army of “zombie” devices that attack other computers through tasks like overloading a website with traffic or, in this case, sending hundreds of thousands of spam emails.
These attacks can be more difficult to track as the world of Internet-connected devices expands far past laptops and tablets. In the attack Proofpoint detailed, no more than 10 emails were sent from any single IP address, making it tough to block based on location.
Perhaps worse: In “many cases,” the smart devices weren’t difficult to hack, according to Proofpoint. Instead, the appliances either were not set up correctly, or they used default passwords that were easy to find on public networks.
Proofpoint does have a vested interest in this issue, as a security firm that sells solutions to protect gadgets from such attacks.
But by 2020, research firm Gartner expects more than 30 billion Internet-connected devices will be in use worldwide – up exponentially from 2.5 billion in 2009.
As the Internet-connected world expands to thermostats, refrigerators and even window shades, so too grows the threat of potential cyberattacks -- even in the frozen foods aisle.
Julianne Pepitone is a senior technology writer for NBC News Digital. Previously she was a staff writer at CNNMoney, where she covered large tech companies including Apple and Google, as well as the intersection of tech and media. Follow Julianne on Twitter at @julpepitone or email her at firstname.lastname@example.org.