[LINK] The Internet of Things & Privacy (Part 2)

stephen at melbpc.org.au stephen at melbpc.org.au
Sun Jan 19 14:35:53 AEDT 2014 

"Fridge Sends Spam Emails as Attack Hits Smart Gadgets"

<http://www.bbc.co.uk/news/technology-25780908> **(18th Jan)**


A fridge has been discovered sending out spam after a web attack managed to 
compromise smart gadgets.

The fridge was one of more than 100,000 devices used to take part in the 
spam campaign.

Uncovered by security firm Proofpoint the attack compromised computers, 
home routers, media PCs and also smart TV sets.

<http://www.proofpoint.com/about-us/press-releases/01162014.php>

The attack is believed to be one of the first to exploit the lax security 
on devices that are part of the "internet of things". 

(If they can and do send spam, then sending all of their stored, or live, 
data about us anywhere should be easy. Skype videos of your baby anyone?)

Poor protection

The spam attack took place between 23 December 2013 and 6 January this 
year, said Proofpoint in a statement. In total, it said, about 750,000 
messages were sent as part of the junk mail campaign. The emails were 
routed through the compromised gadgets.

About 25% of the messages seen by Proofpoint researchers did not pass 
through laptops, desktops or smartphones, it said.

Instead, the malware managed to get itself installed on other smart devices 
such as kitchen appliances, the home media systems on which people store 
copied DVDs and web-connected televisions.

Many of these gadgets have computer processors onboard and act as a self-
contained web server to handle communication and other sophisticated 
functions.

Investigation by Proofpoint into the internet addresses involved in the 
attack revealed the presence of the smart gadgets, said David Knight, 
general manager of Proofpoint's information security division.

"The results spoke for themselves when the addresses responded with 
explicit identification, including well-known, often graphically branded 
interfaces, file structures, and content," he told the BBC.

Mr Knight speculated that the malware that allowed spam to be sent from 
these devices was able to install itself because many of the gadgets were 
poorly configured or used default passwords that left them exposed.

He said attacks such as this would become much more routine as homes and 
furnishings got smarter and were put online.

"Many of these devices are poorly protected at best and consumers have 
virtually no way to detect or fix infections when they do occur," he
added.

Message sent using MelbPC WebMail Server

More information about the Link mailing list