Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

For The First Time, Hackers Have Used A Refrigerator To Attack Businesses
Business Insider ^ | January 17. 2014 | JULIE BORT

Posted on 01/17/2014 6:19:17 AM PST by MeshugeMikey

Security researchers at Proofpoint have uncovered the very first wide-scale hack that involved television sets and at least one refrigerator.

Yes, a fridge.

This is being hailed as the first home appliance "botnet" and the first cyberattack from the Internet of Things.

(Excerpt) Read more at businessinsider.com ...


TOPICS: Computers/Internet
KEYWORDS:
Navigation: use the links below to view more comments.
first 1-5051-75 next last

1 posted on 01/17/2014 6:19:17 AM PST by MeshugeMikey
[ Post Reply | Private Reply | View Replies]

To: MeshugeMikey

guess moochelle’s looking to see what you’ve got in your frig!


2 posted on 01/17/2014 6:24:41 AM PST by ealgeone (obama, border)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MeshugeMikey
Take a WiFi-enabled fridge, install malware, and as soon as it's delivered to its new (wealthy, in order to afford it) owner, you can do as you please with his home network, since you are already inside his firewall.

And all it takes is to have one of your people install some software at some point along the distribution chain.

Or even at its Chinese point of manufacturing...

3 posted on 01/17/2014 6:29:10 AM PST by PapaBear3625 (You don't notice it's a police state until the police come for you.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MeshugeMikey

Who didn’t see this coming? Soon, your toaster will be spying on you!...............


4 posted on 01/17/2014 6:30:03 AM PST by Red Badger (Proud member of the Zeta Omicron Tau Fraternity since 2004...................)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MeshugeMikey

I wonder if the fridge came from Target?


5 posted on 01/17/2014 6:30:10 AM PST by dirtboy
[ Post Reply | Private Reply | To 1 | View Replies]

To: dirtboy

ahaha now there’s a conundrum.

do each of these appliances have thier own IP addresses?


6 posted on 01/17/2014 6:38:42 AM PST by MeshugeMikey (This Message NOT Approved By The N.S.A.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: ealgeone

talk about desperation....

we have far exceeded the controls of a “1984”

now.... how to encrypt those frozen Chocolate Cream Pies?


7 posted on 01/17/2014 6:40:04 AM PST by MeshugeMikey (This Message NOT Approved By The N.S.A.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Red Badger

Bob? yes HI this I Mike...

Hey I just got an email from your Air Conditioner? Whats GOING On?


8 posted on 01/17/2014 6:41:16 AM PST by MeshugeMikey (This Message NOT Approved By The N.S.A.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: PapaBear3625

ah...... yes.... the Chinese Connection

I hadnt come anywhere near to seeing that obvious..”angle’


9 posted on 01/17/2014 6:42:36 AM PST by MeshugeMikey (This Message NOT Approved By The N.S.A.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: PapaBear3625

It makes a great headline but in reality a WIFI enabled appliance is essentially a laptop attached to said appliance running some flavor of Linux in most cases. Its an excellent hack because most people would never suspect the fridge or toaster being used as an entry point into their home network. TV sets, printers, scanners, wifi thermostats can all be hacked and placed in the retail packaging for an unsuspecting consumer to bring home.


10 posted on 01/17/2014 6:47:07 AM PST by bigtoona
[ Post Reply | Private Reply | To 3 | View Replies]

To: MeshugeMikey

Im guessing more likely a MAC address on the local lan , , ,


11 posted on 01/17/2014 6:53:28 AM PST by ▀udda▀udd (>> F U B O << "What the hell kind of country is this if I can only hate a man if he's white?")
[ Post Reply | Private Reply | To 6 | View Replies]

To: ealgeone
guess moochelle’s looking to see what you’ve got in your frig!

Yeah.
You better have a really stout lock on it!

Seriously I have always been enthused by automation and remote controls, but the trend to universal (phone type) access to devices in my home is never gonna happen.
This is an area of technology about which I am functionally ignorant, and I can't help wondering if my utilities smart meters can be hacked. Anyone know?

I don't relish the thought of being subject to having my electricity and gas hacked and turned off.

12 posted on 01/17/2014 6:55:24 AM PST by publius911 ( At least Nixon had the good g race to resign!)
[ Post Reply | Private Reply | To 2 | View Replies]

To: MeshugeMikey; COUNTrecount; Nowhere Man; FightThePower!; C. Edmund Wright; jacob allen; ...
Keep your eye on the toaster....

TOASTER: Howdy doodly do! How's it going? I'm Talkie -- Talkie Toaster, your chirpy breakfast companion. Talkie's the name, toasting's the game. Anyone like any toast?
LISTER: Look, I don't want any toast, and he (indicating KRYTEN) doesn't want any toast. In fact, no one around here wants any toast. Not now, not ever. NO TOAST.
TOASTER: How 'bout a muffin?
LISTER: OR muffins! OR muffins! We don't LIKE muffins around here! We want no muffins, no toast, no teacakes, no buns, baps, baguettes or bagels, no croissants, no crumpets, no pancakes, no potato cakes and no hot-cross buns and DEFINITELY no smegging flapjacks!
TOASTER: Aah, so you're a waffle man!
LISTER: (to KRYTEN) See? You see what he's like? He winds me up, man. There's no reasoning with him.
KRYTEN: If you'll allow me, Sir, as one mechanical to another. He'll understand me. (Addressing the TOASTER as one would address an errant child) Now. Now, you listen here. You will not offer ANY grilled bread products to ANY member of the crew. If you do, you will be on the receiving end of a very large polo mallet.
TOASTER: Can I ask just one question?
KRYTEN: Of course.
TOASTER: Would anyone like any toast?
KRYTEN: Didn't you HEAR what I just said?
TOASTER: Yes, but I thought you might have changed your mind in the meantime.
LISTER: You see? You see what he's like?
KRYTEN: (Exasperated) We haven't changed our mind!
LISTER: NO TOAST!
TOASTER: But I am a toaster. It is my raison d'etre. I toast, therefore I am.

Nut-job Conspiracy Theory Ping!

To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don't add you to the list...

Red Dwarf Ping!

13 posted on 01/17/2014 6:59:14 AM PST by null and void (We need to shake this snowglobe up.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red Badger
Who didn’t see this coming? Soon, your toaster will be spying on you!...............

Indeed...

14 posted on 01/17/2014 6:59:50 AM PST by null and void (We need to shake this snowglobe up.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: MeshugeMikey

bfl


15 posted on 01/17/2014 7:00:59 AM PST by NWHawk (Not Quirky)
[ Post Reply | Private Reply | To 1 | View Replies]

To: publius911
I don't relish the thought of being subject to having my electricity and gas hacked and turned off.

Me neither.

Says the guy whose power went of at 3 AM...

16 posted on 01/17/2014 7:01:26 AM PST by null and void (We need to shake this snowglobe up.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: MeshugeMikey
Looks like monitoring our calorie intake is next.

Bloomberg's got a chub.

17 posted on 01/17/2014 7:01:57 AM PST by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: null and void

I would strongly suggest this appliance investigate aligning itself with the “Toaster Pride Movement”.


18 posted on 01/17/2014 7:03:30 AM PST by MeshugeMikey (This Message NOT Approved By The N.S.A.)
[ Post Reply | Private Reply | To 13 | View Replies]

To: null and void; Lakeshark; Borax Queen; sweetliberty

I SWEAR this isn’t my fault!


19 posted on 01/17/2014 7:04:45 AM PST by Darksheare (Try my coffee, first one's free..... Even robots will kill for it!)
[ Post Reply | Private Reply | To 13 | View Replies]

To: bigtoona

If the WiFi router is password protected the hacked refrigerator or other device cannot access it unless/until the homeowner brings it into his network via entering the password into the device’s interface. Until then the infected device is blind to the world.

So really it’s looking for unsecured access points. -Just like every other hacker out there.


20 posted on 01/17/2014 7:06:06 AM PST by Justa
[ Post Reply | Private Reply | To 10 | View Replies]

To: Lazamataz

GOOGLE will be involved in the Calorie Intake Monitoring System via of the Contact Lens Glucose Monitoring device....allegedly already a reality.

imagine having a brown eyed blue tooth !


21 posted on 01/17/2014 7:06:11 AM PST by MeshugeMikey (This Message NOT Approved By The N.S.A.)
[ Post Reply | Private Reply | To 17 | View Replies]

To: MeshugeMikey

Yeah but hey, they could tell how many eggs were left from their iPhone...


22 posted on 01/17/2014 7:07:34 AM PST by bigbob (The best way to get a bad law repealed is to enforce it strictly. Abraham Lincoln)
[ Post Reply | Private Reply | To 1 | View Replies]

To: null and void

possible Red Drwaf ping...(Toastie the toaster??) IDK...

Cheers! :)


23 posted on 01/17/2014 7:08:50 AM PST by The SISU kid (I think they taste like Barbie dolls smell.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: The SISU kid

Way ahead of you...


24 posted on 01/17/2014 7:10:18 AM PST by null and void (We need to shake this snowglobe up.)
[ Post Reply | Private Reply | To 23 | View Replies]

To: MeshugeMikey
Just don't let your Keurig (a.k.a. Nutri-Matic Drinks Synthesizer) on the network when you try to explain to it that you want tea.
25 posted on 01/17/2014 7:12:20 AM PST by KarlInOhio (Republican amnesty supporters don't care whether their own homes are called mansions or haciendas.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Justa
device cannot access it unless/until the homeowner brings it into his network via entering the password into the device’s interface.

But if you just spent a ton of money on your new WiFi enabled refrigerator, why wouldn't you give it your password so you can constantly monitor your produce drawer temperature.?

I'm sorry, Dave, but I've been talking to your scale this morning. You are only getting fresh vegetables and water until you've lost 20 pounds.

26 posted on 01/17/2014 7:18:37 AM PST by KarlInOhio (Republican amnesty supporters don't care whether their own homes are called mansions or haciendas.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: MeshugeMikey


27 posted on 01/17/2014 7:19:07 AM PST by UCANSEE2 (I forgot what my tagline was supposed to say)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Justa
If the WiFi router is password protected...

Surely none of those WiFi routers have an embedded chip or code that allows someone to hack in. ; )

28 posted on 01/17/2014 7:26:42 AM PST by UCANSEE2 (I forgot what my tagline was supposed to say)
[ Post Reply | Private Reply | To 20 | View Replies]

To: KarlInOhio

Lol, yeah.

The article’s hyperbole so it’s fine to joke about it. The gist of it is they were reviewing spamm mail and noticed a significant percentage came from wifi-enabled appliances. Such as LGfridge1534214@usersISP.com. The hackers just used available network IDs on an unsecured network to send spamm mail from.

If the business network is hacked and the hackers are only using it to send spamm mail I’d say the business has a pretty low threat surface.


29 posted on 01/17/2014 7:28:04 AM PST by Justa
[ Post Reply | Private Reply | To 26 | View Replies]

To: Red Badger

yeah - my appliances been acting real funny lately

The dvd/vcr keeps flashing 12:00 12:00 12:00

Thinks its some secret code.......


30 posted on 01/17/2014 7:30:12 AM PST by njslim (St)
[ Post Reply | Private Reply | To 4 | View Replies]

To: UCANSEE2
imagine getting email from your new blue tooth enabled lawnmower


31 posted on 01/17/2014 7:35:56 AM PST by MeshugeMikey (This Message NOT Approved By The N.S.A.)
[ Post Reply | Private Reply | To 27 | View Replies]

To: UCANSEE2

Since MS Windows first had networking embedded access, data collection and retrieval has been ubiquitous.


32 posted on 01/17/2014 7:36:54 AM PST by Justa
[ Post Reply | Private Reply | To 28 | View Replies]

To: MeshugeMikey

Our local news did a hacker piece on cell phone charges, yep, they now can hack your smart devices from your chargers.

So don’t SHARE!


33 posted on 01/17/2014 7:46:51 AM PST by GailA (THOSE WHO DON'T KEEP PROMISES TO THE MILITARY, WON'T KEEP THEM TO U!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: null and void

I need some toast.


34 posted on 01/17/2014 7:50:28 AM PST by Greenperson
[ Post Reply | Private Reply | To 13 | View Replies]

To: ├čudda├čudd; MeshugeMikey
>> do each of these appliances have thier own IP addresses?

Yes.

> Im guessing more likely a MAC address on the local lan

You're confused. MAC addresses and IP addresses are very different things, and a networked device must have one of each.

Every network-enabled device has a MAC address; it's an identifier in the embedded network interface chip in the device. It is by definition unique universally, since it's assigned by the manufacturer of the device when it's built.

An IP address is assigned (or configured) when the device joins a network, such as the local network (LAN) in your home/office, or the Internet.

The IP address has to be unique globally ONLY if it is connected directly to the Internet. In that case, it gets a "public" IP.

But if it's on your home/office LAN, which is configured using a NAT router (e.g. a home/office wireless router), then the device's IP address does NOT have to be globally unique. Rather it is "private", and only needs to be unique on that local network.

35 posted on 01/17/2014 7:57:41 AM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 11 | View Replies]

To: MeshugeMikey
Hey I just got an email from your Air Conditioner? Whats GOING On?

I read a SF novel where a character got an email from her spare blue jeans, wondering why she'd been wearing the other pair for so long.

36 posted on 01/17/2014 8:02:35 AM PST by Slings and Arrows (You can't have Ingsoc without an Emmanuel Goldstein.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Slings and Arrows

ahaha I dont doubt it.


37 posted on 01/17/2014 8:12:11 AM PST by MeshugeMikey (This Message NOT Approved By The N.S.A.)
[ Post Reply | Private Reply | To 36 | View Replies]

To: GailA

although my computer is a MAC Pro...I have no “smart devices” whatsoever

people regularly ask why I dont upgrade my phone...


38 posted on 01/17/2014 8:14:09 AM PST by MeshugeMikey (This Message NOT Approved By The N.S.A.)
[ Post Reply | Private Reply | To 33 | View Replies]

To: Justa

...but configuring the fridge to talk on your WiFi network is one of the first things you’ll do when installed. This is “Trojan Horse” in a very real sense.


39 posted on 01/17/2014 8:22:48 AM PST by fuzzylogic (welfare state = sharing consequences of poor moral choices among everybody)
[ Post Reply | Private Reply | To 20 | View Replies]

To: dayglored

OK, my bad. . .


40 posted on 01/17/2014 8:28:42 AM PST by ▀udda▀udd (>> F U B O << "What the hell kind of country is this if I can only hate a man if he's white?")
[ Post Reply | Private Reply | To 35 | View Replies]

To: MeshugeMikey
people regularly ask why I don't upgrade my phone…

And your answer is…?

41 posted on 01/17/2014 8:44:21 AM PST by doc11355
[ Post Reply | Private Reply | To 38 | View Replies]

To: MeshugeMikey

Guess I’ll continue to nurse my 25+ year old fridge. That reminds me, it needs the drip bucket at the bottom and on the inside dumped.


42 posted on 01/17/2014 9:00:50 AM PST by bgill
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red Badger
Soon, your toaster will be spying on you!


43 posted on 01/17/2014 9:26:55 AM PST by Bloody Sam Roberts ("The further a society drifts from truth the more it will hate those who speak it." - George Orwell)
[ Post Reply | Private Reply | To 4 | View Replies]

To: fuzzylogic

The article doesn’t talk about a trojan horse with these devices it talks about spamm emails sent from the devices, ergo the premise WiFi was unsecured. If the WiFi was secured the hackers’ entry point from the internet would not have been able to get into the premise WiFi network to obtain and use the network ID of these devices to send their spamm emails out the premise WiFi/router’s internet connection. If some of those network IDs are ‘toaster[unique ID]@usersISP.com’ so what. It still gives the spammer an email address to use and that’s all they care about.

And even if the appliance had trojan hardware (like the irons in Russia) it still requires an unsecured, DHCP-enabled WiFi LAN to get out to the internet and contact the hacker to enable the exploitation of the LAN and its devices.

The attack goes something like this:
Get users’ IP address off message boards, ISPs, etc. Scan the subnets looking for an unsecured or default password premise modem/routers supplied by the ISP (which they know the default passwords for). Access the unsecured router to get a list of LAN IDs. Use those IDs to send traffic to the premise router to send out their spamm emails. That way the emails orginate from non-blocked domains and known spammers.

There is more to it but there are plenty of ways to avoid your appliances getting cease-and-dissist email from your ISP. Setting a password on the ISP router/modem, disabling ISP email and blocking the router’s port 25 are a few simple ways.

It’s just spammers looking to get around their notariety to ISPs and security programs. They need an innocent ISP account (and router) to send their spamm.


44 posted on 01/17/2014 9:40:22 AM PST by Justa
[ Post Reply | Private Reply | To 39 | View Replies]

To: fuzzylogic

WiFi-enabled devices and WiFi-enabled ISP routers typically are preset for DHCP. On an unsecured WiFi network the new WiFi appliances will auto-join the local network. No user action required. This is what the hackers are looking for. The fridge just provides an additional email account to send their spamm out the WiFi router.

And the “business hacking” is most likely a business complementary WiFi for their customers in the waiting room. Like Joe’s Auto Repair w/free WiFi. They don’t secure it because they’d then have to setup every user. Even though their WiFi network is only a network access point their WiFi-enabled appliance has a network ID to exploit for spamming. In this case the fix is to block everything on their premise router but what’s needed for their customers (port 80, 443, etc.) particularly the mail ports (24, 25, 57, 109, 110, etc.).


45 posted on 01/17/2014 10:03:35 AM PST by Justa
[ Post Reply | Private Reply | To 39 | View Replies]

Comment #46 Removed by Moderator

Comment #47 Removed by Moderator

To: MeshugeMikey
how to encrypt those frozen Chocolate Cream Pies?

"I'm sorry, Dave. I can't let you have that beer.
Would you like a carrot stick?"

48 posted on 01/17/2014 11:05:59 AM PST by Flick Lives (Got a problem with the government? Have a complaint. Get a free IRS audit!)
[ Post Reply | Private Reply | To 7 | View Replies]

To: PapaBear3625

I know someone with an expensive bed that shows up as a wi-fi network... very strange


49 posted on 01/17/2014 11:09:56 AM PST by GeronL (Extra Large Cheesy Over-Stuffed Hobbit)
[ Post Reply | Private Reply | To 3 | View Replies]

To: null and void

You beat me to the Toaster jokes.


50 posted on 01/17/2014 11:12:48 AM PST by Cyber Liberty (H.L. Mencken: "The urge to save humanity is almost always a false front for the urge to rule.")
[ Post Reply | Private Reply | To 13 | View Replies]


Navigation: use the links below to view more comments.
first 1-5051-75 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson