Hackers use refrigerator to send spam in cyber attack

18 Jan 2014

Thanks to smart gadgets, smart appliances and other 'smart stuff' hackers are gaining more powers to go about their business as evidenced in the use of a refrigerator to send spam emails in the first proven cyber attack of its kind.

SF Gate quoted California security firm Proofpoint as saying internet-connected home appliances were infected by a large ''botnet'' over a two-week period from 23 December.

According to the firm, hackers managed to penetrate home-networking routers, connected multi-media centres, televisions and at least one refrigerator to create a platform to deliver malicious spam or phishing emails.

The firm added, the case had significant security implications for device owners and enterprise targets due to the massive growth expected in the use of smart and connected devices, from clothing to appliances.

According to the firm, the appliances might become attractive targets for hackers as they often had less security than PCs or tablets.

Incidents had been documented between 23 December and 6 January, featuring "waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting enterprises and individuals worldwide".

Over a quarter of the emails were sent by things that were not conventional laptops, desktop computers or mobile devices.

According to David Knight, from Proofpoint, Botnets were already a major security concern and the emergence of thingbots might make the situation much worse.

With more devices connecting to the web, forming the "Internet of Things" as referred to by experts, a booming sector in the tech industry, was opening up.

Google acquired connected-home appliance company Nest Labs for $3.2 billion in cash this week (See: Google to acquire Nest Labs, maker of smart devices).

According to analysts,  The Internet of Things was projected to be worth $1.9 trillion and include 26 billion devices by 2020, but each new online gadget, whether it was a phone-controlled thermostat or a Wi-Fi-enabled wristwatch, was a potential target.

Though the brunt of the recent attack, which spanned 23 December to 6 January, still relied on compromised personal computers to send malicious e-mails, about 25 per cent of the messages went out from other connected devices including gaming consoles, wireless speakers, televisions and at least one refrigerator, the company said. Proofpoint said this was the first attack it has seen that used household smart appliances.

Sky News quoted Michele Borovac, a security specialist at Mountain View's HyTrust, as saying hackers were not going to go in and turn up people's thermostat to 100 degrees, but if they could go in and leverage that device,  they could well use it for anything else as well.