The Internet Of Things Has Been Hacked, And It’s Turning Nasty

Don’t say we didn’t warn you. Bad guys have already hijacked up to 100,000 devices in the Internet of Things and used them to launch malware attacks, Internet security firm Proofpoint said on Thursday.

It’s apparently the first recorded large-scale Internet of Things hack. Proofpoint found that the compromised gadgets—which included everything from routers and smart televisions to at least one smart refrigerator—sent more than 750,000 malicious emails to targets between December 26, 2013 and January 6, 2014.

The hack came to light over the relatively quiet holiday period when a security researcher at Proofpoint noticed a spike in thousands of malicious messages sent from a range of IP addresses she didn’t recognize, David Knight, a Proofpoint executive in charge of information security products, told me in an interview.

Curious, she began pinging the devices and soon realized that they weren’t PCs, the usual platform for launching this sort of attack. Instead, many were otherwise unidentified devices running a standard version of Linux. Pinging one device brought up a login screen that said: Welcome To Your Fridge. She typed in a default password—something like “admin” or “adminadmin,” Knight said—and suddenly had access to the heart of someone’s kitchen.

As the age of Smart Everything dawns, it’s also bringing online a host of largely unsecured smart devices like TVs, refrigerators and even toasters. Those devices are often trivial for knowledgeable hackers to compromise, opening new opportunities for malicious actions of various kinds—of which the malware attack Proofpoint identified may be among the mildest.

“Embedded operating systems deployed in firmware tend to be old, not patched very frequently, and there are known vulnerabilities to virtually all of them,” Knight said. Proofpoint’s investigation highlights how vulnerable connected devices are and how easy it is for hackers to take advantage of them.

Hacking The Home

Craig Heffner, a security researcher who teaches a class on exploiting connected devices, told ReadWrite in December that his students are usually surprised by the lack of security in connected home devices.

“If you look at the vulnerabilities being published, they’re not sophisticated,” he said. “Usually, the vendor put a back door in the product and someone took advantage.”

Worse, connected home devices often run outdated software and may be difficult or even impossible to patch. Security expert Bruce Schneier detailed the wild insecurities of the Internet of Things in a recent column for Wired:

[I]t’s often impossible to patch the software or upgrade the components to the latest version. Often, the complete source code isn’t available. Yes, they’ll have the source code to Linux and any other open-source components. But many of the device drivers and other components are just “binary blobs” — no source code at all. That’s the most pernicious part of the problem: No one can possibly patch code that’s just binary.

Malware isn’t the only thing people have to worry about. Knight said hackers could use compromised smart devices to launch distributed denial of service (DDoS) attacks aimed at knocking target Websites offline, mine bitcoins, or store stolen or otherwise illicit data.

Knight suggests the first step in protecting your gadgets is to change the default passwords. Beyond that, if you don’t need your device connected to the Internet, then don’t connect it.

“Don’t plug it in if you don’t plan to use it,” he said. “If you do put it on the Internet, try and make sure you put it behind your personal router and firewall in your environment.”
