Household Appliances Sending Spam, opening backdoors

by Nikola Strahija on January 19th, 2014

Hacking News » Household Appliances Sending Spam, opening backdoors



While analyzing email threats, Proofpoint's researchers observed a cyber attack campaign where more than 750,000 email messages came from devices that were not laptops, phones, tablets or any kind of computers. They are calling it a thingbot-net. Researchers observed a series of cyber attack campaigns which were running from December 23rd, 2013 through January 6th, 2014 with 100,000 IPs being used by Internet-of-things devices. If by now you're thinking that these devices were in majority routers and other Linux-based devices - such as NAS, Proofpoint says there was a significant percentage of attacks coming from other sources such as multimedia centers, TVs and a fridge.



Based on their report, the devices were running Apache or mini-httpd as web servers, using ARM and MIPS based CPUs, which makes me wonder if SDKs are available for that fridge.



On a serious note, this does provide a reasonable threat. Having a pwned fridge that drilled the NAT and enabled access to a laptop holding data does make me worried. As Internet-of-things devices become more affordable and widespread,I believe we'll see more security issues, at the very least with their digital management services. Cisco thinks that by year 2020 more that 37 billion Internet-of-Things devices will exist and I'm sure quite a few will be based on unpatched source code from 2010, at least the cheap ones will.



Proofpoint's research is available here.