Fridges are already unhealthy places, but thanks to the Internet of Things, they are a source of online infections, says Tom Brewster
When fridges and televisions are drawn into nefarious campaigns carried out by nasty spammers, you know we’ve hit a new nadir in the information security world. And that’s exactly what researchers at Proofpoint discovered last week, revealing an attack that involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer devices… including fridges.
I’ve talked before about the dangers of the Internet of Things, or the more worrying brand of the Internet of Everything, as Cisco calls it. Despite a limited number of benefits, Joe Public is being told he (or she) needs connected devices. How will they inform their dentists of their personal hygiene habits without an IP-enabled toothbrush? How will they be able to properly monitor their cars without remotely accessible chips inside them? How will they know their Rolo yoghurts are being kept clean of bacteria without a connected fridge?
Internet of Things = Internet of Thingbots
Consumers do, of course, have a choice. They don’t have to buy into all this inanity. But choice is now being limited in favour of hyperconnectivity. I’ve heard numerous anecdotes of people being unable to find a car without an IP address. That’s simply bonkers, especially when you consider the report in Forbes last year showing how hackers could breach car security to make the brakes fail or lock the steering wheel.
It needs to be made clear to customers that if something is connected to the Internet, it can be compromised. Yet, looking at recent history, it’s unlikely those corporate entities keen to exploit the Internet of Things for massive monetary gain will talk too openly about its inherent dangers. Attracted by the growth of the machine-to-machine market, which is expected to be worth £33 billion in 2017, according to think tank IDATE, they will rush to push out products and leave security as an afterthought, as usual.
The Proofpoint findings point to the rise of a common attack vector that had been attenuated in recent months thanks to various botnet takedowns: malicious spam. In that attack campaign, more than 25 percent of the malicious mail sent between 23 December 2013 and 6 January came from “thingbots” – not conventional laptops, desktop computers or mobile devices.
The more we connect machines, giving them access to communications protocols, the bigger botnets will become, leading to more spam, increasingly powerful DDoS attacks and an erosion of privacy. One wonders whether the world’s networks can handle all this.
And here are the killer points: first, in many cases, “the use of default passwords left the devices completely exposed on public networks, available for takeover and use”. Second, “consumers have virtually no way to detect or fix infections when they do occur”. Little authentication, no recourse. That’s bad.
Let’s not allow business interests to make people more vulnerable to attack. Let’s slow the rise of the Internet of Everything.