Hackers infiltrate smart fridge to help send 750,000 spam emails

20 Jan 2014

In a sign that hackers are now turning their focus to smart appliances, a smart refrigerator is among hacked devices that have sent more than 750,000 malicious emails worldwide over the holidays.

California security company Proofpoint discovered the internet-connected refrigerator had been part of a botnet that included TVs, routers and multimedia centres.

The botnet sent the emails in batches of 100,000 for three times a day between 23 December and 6 January, to enterprises and individuals alike.

No more than 10 emails were initiated from any single IP address, making the attack difficult to block based on location, Proofpoint said.

In many cases, the devices had not been subject to a sophisticated compromise; instead, misconfiguration and the use of default passwords left the devices exposed on public networks, the company added.

David Knight, general manager of Proofpoint’s Information Security division, said many of these devices are poorly protected at best, and consumers are left with virtually no way to detect or fix infections when they do occur.

Smart appliances are typically not protected the same way enterprises and consumers are protected from spam and viruses: via anti-spam and anti-virus software and dedicated IT teams.

The traditional enterprise security approach to blocking entry of attacks solely at the email gateway won’t work, Proofpoint said. “Rather, focus should be on protecting the users at point of click (wherever that may be) and providing insight into user actions and attacker targeting.”

Research firm IDC has predicted about 212bn things will be connected via the internet by 2020.

Smart fridge image via Shutterstock

Tina Costanza was a journalist and sub-editor at Silicon Republic