Hackers Know About Your Networked Refrigerator

I have written about the vulnerability of home networks and the Network of Things HERE

Now we have some supporting evidence that these networks can be hacked and used for criminal purposes. The Business Insider has the story HERE.

In this case, hackers broke into more than 100,000 everyday consumer gadgets, such as home-networking routers, connected multi-media centers, televisions, and at least one refrigerator, Proofpoint says. They then used those objects to send more than 750,000 malicious emails to enterprises and individuals worldwide.

In the press release, Proofpoint explains:

The hack happened between December 23, 2013 and January 6, 2014, and featured waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting enterprises and individuals worldwide.

About three-quarters of the emails were sent by regular computers, but the rest, slightly more than one-quarter, were sent by hacked home appliances.
Hackers didn’t have to be amazingly smart when breaking into home appliances. Many times they gained access because the home owners didn’t set them up correctly, or used the default password that came with the device.

Most homes are not yet a part of the Internet of Things, and looks like hackers will already be there to greet them when they arrive.

Your new refrigerator will come with the network chip build in. When you turn it on, it will start look for other devices to connect with in your home, including your smart meter which is connected to a much larger network. It may be connected to the Internet via your cable or DSL connection, providing a gateway to your refrigerator and all the other appliances in your home.

Feeling real comfortable about the Network of Things?  Have you made sure all your network devices have a unique password, or are they still using the default?

Advertisements

About Russ Steele

Freelance writer and climate change blogger. Russ spent twenty years in the Air Force as a navigator specializing in electronics warfare and digital systems. After his service he was employed for sixteen years as concept developer for TRW, an aerospace and automotive company, and then was CEO of a non-profit Internet provider for 18 months. Russ's articles have appeared in Comstock's Business, Capitol Journal, Trailer Life, Monitoring Times, and Idaho Magazine.
This entry was posted in Uncategorized. Bookmark the permalink.

3 Responses to Hackers Know About Your Networked Refrigerator

  1. Dena says:

    After having purchased a wireless printer, I can confirm this is not fully true. If your network is secure (and it better be), a device will not be able to bind with your network unless you provide a password or encryption key. Because of the mickey mouse interface on the printer, it was hard to get the encryption information into the printer and it took me almost half an hour go get the thing to talk. Now once it is bound to the network, You are only as secure as your password and the cloud server that allows the device to talk on the internet.

    The weakness is the cloud. For an internet device’s location to be known on the internet over a dynamic IP (most house connections) the device must post it’s address on a known server. I use http://www.noip.com because I have a need to reach my computer from remote locations but an appliance manufacture could set up their server or use a common one like instant messaging to make this link.

    Now their is one other fly in the ointment and that is IP addresses come in two flavors. One is the IP address for transportation over the internet and the other one is a local IP address. Local addresses take the form of 192.168.x.x and will not pass through a router. If a device uses a local address (like my computer) and an outsider wants to reach my computer, I need to configure a port/address translation in my router that will connect to my local address. I can safely tell you my computer is at 192.168.0.100 but without the NO-IP information an the port number it would be nearly impossible to find my computer.

    In short, your food is in danger only if you allow it to be.

    Like

    • Russ Steele says:

      Dena, here is some more about the attack.

      Hackers use ‘smart’ refrigerator to send 750,000 virus-laced emails

      Call it the attack of the zombie refrigerators.

      Computer security researchers said this week they discovered a large “botnet” which infected Internet-connected home appliances and then delivered more than 750,000 malicious emails.

      The California security firm Proofpoint, Inc., which announced its findings, said this may be the first proven “Internet of Things” based cyberattack involving “smart” appliances.

      Proofpoint said hackers managed to penetrate home-networking routers, connected multi-media centers, televisions and at least one refrigerator to create a botnet — or platform to deliver malicious spam or phishing emails from a device, usually without the owner’s knowledge.

      Security experts previously spoke of such attacks as theoretical.

      I agree, that a home owner can protect themselves with the proper security. But, many just take device out of the box and turn them on without setting a unique password. How many people have set passwords on there refrigerator, A/C or hot water heater?

      Like

      • Dena says:

        The solution to the problem is very simple. The only two ways the attack could be carried out was to hack in to the central server which is unlikely or to provide an unsecured hot spot within a couple of hundred feet of the device. As we are dealing with a local hotspot, make the device require permission before it joins with an unsecured hot spot. The second thing that should be done is require permission before accepting code. On the other hand, if your nearest neighbor is a quarter of a mile or more away from you, there is little to worry about.

        Another point is by using the hacker provided hot spot, it was not using the owners hotspot so the emails were sent over the unsecured hotspot. Why bother taking over an ice box to do what you could do better with your own computer and hotspot?

        This could be more for show than a real world danger.

        Like

Comments are closed.