Cyberattack Traced To Infected Refrigerator

[Fanghawk]

Cyberattack Traced To Infected Refrigerator

Computer security researchers discovered a botnet operating from home appliances, including televisions, routers, and even a smart refrigerator.

Online security is an incredibly challenging field, made all the more complex thanks to botnets. These omni-present networks spread by infecting electronic devices with trojans, usually for the purpose of sending spam emails or denial of service attacks from multiple locations. Note that I said "electronic devices" and not "computers"; security experts have warned <a href=http://www.escapistmagazine.com/news/view/122819-Researcher-Maps-Internet-Using-Illegal-Botnet-Study>that home appliances are also at risk, especially in an age of smart appliances. These experts were proven correct after tracing a spam email botnet to internet-connected appliances, even finding traces on an unsuspecting refrigerator.

According to a report from California security firm Proofpoint, the organization documented huge spikes of malicious emails sent to individuals and corporations alike, up to 300,000 per day. An investigation ultimately found the offending botnet within home networks, having infiltrated routers, televisions, multi-media centers, and at least one refrigerator.

"Botnets are already a major security concern and the emergence of thingbots may make the situation much worse," Proofpoint's David Knight explained. "Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come online and attackers find additional ways to exploit them."

While researchers <a href=http://www.escapistmagazine.com/news/view/122819-Researcher-Maps-Internet-Using-Illegal-Botnet-Study>were certainly aware of these risks already, this appears to be one of the first documented cases of internet-connecting appliances being used for malicious purposes. Forget about the hazards of Skynet: Clearly the true danger is the humble fridge, coldly calculating its next move and striking when we'll least expect it.

Source: <a href=http://phys.org/news/2014-01-cyberattack-hacked-refrigerator.html>Phys.org

Permalink

 

[Imperioratorex Caprae]

THIS is why I won't ever buy "Smart" appliances or cars. Anything controlled by a computer has too much room for someone to be malicious about it. Especially if for example cars become constantly wifi/WAN connected. I don't want to be around when the first major nationwide car wreck happens because someone thought it would be a good idea to hook up a car network and another assjack thought it would be cool/funny to watch it all burn. Fuck Joker wannabes...

 

[Andy Shandy]

Looks like LRR predicted the rise of the mighty fridge.

 

[synobal]

I predict this year we will see the first virus for a major console. I can't say how bad it will be but I suspect it will come as a shock to most console owners.

 

[Gregg Lonsdale]

This sounds like the lead up to a real-life version of Mega-Man: Battle Network. At least I really, really hope it is

 

[-Dragmire-]

I kinda want to see a vid of police busting into someones house and coming out with their refrigerator. Or arresting a guy in a really bad fridge costume.

 

[Slegiar Dryke]

This sounds like the lead up to a real-life version of Mega-Man: Battle Network. At least I really, really hope it is

ohhh heck yes, that would be so freaking cool 8D I've wanted a personal Net Navi for years since I got into the (dot)EXE series ^^

OT: This is something I've kind of been expecting for a while now. Ever since hearing about the whole "Smart" appliances, and being a consistent reader of Hackaday, you don't need a real example like this to believe far worse is possible.

and don't even get me STARTED on Wifi/WAN connections for cars. Its already been proven that through a system like that, unless serious improvements to security are made.....SERIOUS...Improvements....yeah a single car crashing would be the minimum damage capable. This is something that's being proven left and right in so many ways, universal interconnectedness is NOT ALWAYS A GOOD THING!

 

[porous_shield]

A fridge creating a botnet attack is pretty scary but what I find even more scary is what'll happen when the internet is even more ubiquitous. We're not far off from when every activity in our home capable of being monitored from afar with all the computers and internet access we're shoving into everything.

Also, badBIOS. Even if it's a hoax it is very scary.

 

[The Rogue Wolf]

I don't know why all those tech gurus ever expected the "Internet of things" to be any different from the regular Internet.

Won't be long now until somebody's "smart" refrigerator sends them a shopping list: eggs, bread, milk, VIAGRA AND OTHER MALE-ENHANCEMENT DRUGS JUST CLICK HERE.

 

[008Zulu_v1legacy]

How will Bruce Willis be able to defeat such a menace in every home?!?

 

[Hairless Mammoth]

I was more worried about the computer dieing or glitching out to fry something else in the appliance than them being used in a botnet. Engineers already put so many cheap little parts in these machines to cut costs and add planned obsolescence. Now with a stupid computer it just adds another failure point and the wifi ones can suck up my bandwidth while screwing over other innocent people. Count me out of this bullshit. I may be American but I'll at least get up and go to the fridge to get a glass of juice/water and use my cognitive awareness to decide what to buy for groceries.

THIS is why I won't ever buy "Smart" appliances or cars. Anything controlled by a computer has too much room for someone to be malicious about it. Especially if for example cars become constantly wifi/WAN connected. I don't want to be around when the first major nationwide car wreck happens because someone thought it would be a good idea to hook up a car network and another assjack thought it would be cool/funny to watch it all burn. Fuck Joker wannabes...

Good luck with that. Unless you get the budget model cars with only the most basic ECM, even the cheap family sedans now a days have 3 or more modules talking to each other with one waiting to get instrutions from a key fob all the time. Luxury car have had for the past few years that stupid smart phone connect you talked about. Thieves have been able to bypass security, start the car, and get in gear to drive off in about 45 seconds. Then there's electric power steering automatic braking and the fact that many options become standard within a decade or so. We'll probably have smart phone's hacking cars to at least lock up their brakes in a few years.

I'd say you and me need to get cars like a '69 Charger or at least an old dependable beater to avoid the car apocalypse. If I ever got a car with something like onstar I'd find out how to bypass it and hit the thing with a microwave magnotron then install my own gps tracker in a location thieves won't know about by looking it up on a car site.

 

[itsmeyouidiot]

I remember watching Mega Man NT Warrior on Kids WB and thinking how crazy it was that things like microwaves would need to be connected to the internet, and now here it is happening for real

 

[Strazdas]

I predict this year we will see the first virus for a major console. I can't say how bad it will be but I suspect it will come as a shock to most console owners.

What do you mean first?
http://gamer.blorge.com/2012/10/29/psa-xbox-360-gets-first-console-virus-affecting-borderlands-2-players/
And there are plenty more.

Consoles not having viruses is a myth.

Good luck with that. Unless you get the budget model cars with only the most basic ECM, even the cheap family sedans now a days have 3 or more modules talking to each other with one waiting to get instrutions from a key fob all the time. Luxury car have had for the past few years that stupid smart phone connect you talked about. Thieves have been able to bypass security, start the car, and get in gear to drive off in about 45 seconds. Then there's electric power steering automatic braking and the fact that many options become standard within a decade or so. We'll probably have smart phone's hacking cars to at least lock up their brakes in a few years.

I'd say you and me need to get cars like a '69 Charger or at least an old dependable beater to avoid the car apocalypse. If I ever got a car with something like onstar I'd find out how to bypass it and hit the thing with a microwave magnotron then install my own gps tracker in a location thieves won't know about by looking it up on a car site.

my almost 2.5 decades old car has a computer that can connect to outside world, though only by wires.
Computers are in cars everywhere nowadays and you would need to buy antiquities to find cars without computers.

you dont need to lock up breaks. computers actually block your engine when the engine is off against thieves now. all you need is to initiate this and car is deadlocked.

 

[Hairless Mammoth]

my almost 2.5 decades old car has a computer that can connect to outside world, though only by wires.
Computers are in cars everywhere nowadays and you would need to buy antiquities to find cars without computers.

you dont need to lock up breaks. computers actually block your engine when the engine is off against thieves now. all you need is to initiate this and car is deadlocked.

Read my comment again. I didn't mean locking your brakes as a security feature. I meant I'm worried about the day a car can be serviced wirelessly and someone cracks the encryption or steals a dealer diagnostic tool to steal or mess with someone's car.(Say, activate the brake booster solenoid while driving next to the victim car on the road. Think of the insurance fraud they could get away with until authorities finally realize this can happen.) All a slick thief or malicious person needs to do is copy your key fob's RFID then get get to the ODB II port under the dash and use the right software to disable any security, mess with injector or ignition timing to troll you or just plain jack up your ECM. At least they need a physical connection. I've seen security cam footage of guys break into a new BMW, plug something in the ODB port and drive it off without having the key fob the driver would normally just need to have on his/her person.

This wireless trend combined with the facts that computers can die for whatever reason (albeit, it's rare and they are made last a long time), are expensive, rare for an early model car, and are usually a pain to get to(I have had to dig out every module on several new Darts. ECM, TCM, WCM, BCM, Telematics Convergence Module(A real thing), Pasta Cooking Module, you name it, it's there.)makes me wanna get at least one car made around this time, no later, with just a couple computer modules or go back before EFI to a carbureted engine with ignition points. The '69 Charger would just look nice after I restored it. Double that for an appliance that is engineered only to last for a decade at most. Adding another part and port of failure that costs almost as much as a new appliance can fuck right off. (Thanks, Yahtzee, for that phrase.)

And I just thought of something more OT: I wonder if the these fridges are going to start needing security updates if they do not already get them. It's hilarious that the ice box needs an update so someone in their underwear on another hemisphere doesn't try to spoil my food.

 

[Strazdas]

my almost 2.5 decades old car has a computer that can connect to outside world, though only by wires.
Computers are in cars everywhere nowadays and you would need to buy antiquities to find cars without computers.

you dont need to lock up breaks. computers actually block your engine when the engine is off against thieves now. all you need is to initiate this and car is deadlocked.

Read my comment again. I didn't mean locking your brakes as a security feature. I meant I'm worried about the day a car can be serviced wirelessly and someone cracks the encryption or steals a dealer diagnostic tool to steal or mess with someone's car.

And i said you can already do that except instead of breaks you can use engine locking system that already exists in all modern cars.
Though admittedly you can do more with breaks i guess.

The whole wireless key is jut awful idea. especially when it actually is a strong signal. ive seen when a person stopped at a gas station and went inside, and his car was clsoe enough to be "running" and somone else entered it and drove off!. the engine died once he got far from the guy but by that time chaos ensued. I would never buy a car with wireless card key.

The problem with pre-computer machines is that they were extremely inefficient. stick a old engine in your new car and you will be tripling your gas usage. and that is very very bad. And some computers last a loooong time. the 2.5 decade old car i said i have - still has its original computer working.