It's Time to Chill Out About Hacked Fridges
The recent Internet of Things attack should be a wake-up call for consumers and manufacturers.
Recommendations are independently chosen by Reviewed’s editors. Purchases you make through our links may earn us a commission.
Last week, a security firm revealed that a smart fridge had been hacked as part of an attack that turned ordinary electronics into a singular, spam-spewing botnet.
While the internet is all aflutter with doomsday predictions around the vulnerability of connected home appliances, we find it necessary to take a short trip down reality boulevard.
First, the facts: According to internet security software company Proofpoint, who publicized the hack, the attack took place in late December and early January. It resulted in over 750,000 spam e-mails blasted out from over 100,000 unwitting devices, including routers, smart televisions, game consoles and home media centers.
Those attacks happen all the time, but this one was notable for including a fridge along with laptops and routers. It's the first time a cyberattack made use of a smart appliance, a potential security flaw in the internet of things.
We checked in with Proofpoint security analyst Michael Osterman, who said that internet enabled devices such as connected appliances really do "represent an enormous threat."
But before you start installing kill switches on dishwashers and setting up neighborhood robot watch meetings, it's worth noting that your appliances are not trying to kill you. Instead, hackers have simply taken advantage of the fact that more home owners are installing smart appliances, appliances that consumers should be treating as they would any connected device.
In fact, it seems unlikely that the fridge in question was actually "hacked"—at least, not in any sophisticated way. In the case of this particular attack, Osterman said, most devices were easily accessible because owners neglected to change the default username and password settings. That left them open to the easiest of all hacks. It's like car thief finding the keys in the ignition.
Manufacturers aren't blameless, either, as many smart appliances lack the security options found on laptops and routers. "Most seem to have simply been left open so existing software running on them can be used by attackers," Osterman said.
As connected appliances become more commonplace, so will attacks like this. But there are ways for consumers to prevent their possessions from being used in this manner. For starters, if you plan on connecting a smart appliance to your home network, be sure to set a network firewall.
Osterman offered some additional advice for smart device owners. He recommends that devices should be running the latest firmware, users should replace default username and password settings, and home routers shouldn't be set up to have all ports open.
While some may feel violated by the idea of a dryer being used to send out spam emails, it's also important to remember that attacks like this, while annoying, are not dangerous. At least, not yet...
Via: Market Watch
[Hero credit: Dreamworks Studios and Paramount Studios]