For The First Time, Hackers Have Used A Refrigerator To Attack Businesses
Posted on 01/17/2014 6:19:17 AM PST by MeshugeMikey
Security researchers at Proofpoint have uncovered the very first wide-scale hack that involved television sets and at least one refrigerator.
Yes, a fridge.
This is being hailed as the first home appliance "botnet" and the first cyberattack from the Internet of Things.
(Excerpt) Read more at businessinsider.com ...
guess moochelle’s looking to see what you’ve got in your frig!
And all it takes is to have one of your people install some software at some point along the distribution chain.
Or even at its Chinese point of manufacturing...
Who didn’t see this coming? Soon, your toaster will be spying on you!...............
I wonder if the fridge came from Target?
ahaha now there’s a conundrum.
do each of these appliances have their own IP addresses?
talk about desperation....
we have far exceeded the controls of a “1984”
now.... how to encrypt those frozen Chocolate Cream Pies?
Bob? yes HI this is Mike...
Hey I just got an email from your Air Conditioner? What's GOING On?
ah...... yes.... the Chinese Connection
I hadn't come anywhere near to seeing that obvious.. “angle”
It makes a great headline but in reality a WIFI enabled appliance is essentially a laptop attached to said appliance running some flavor of Linux in most cases. It's an excellent hack because most people would never suspect the fridge or toaster being used as an entry point into their home network. TV sets, printers, scanners, wifi thermostats can all be hacked and placed in the retail packaging for an unsuspecting consumer to bring home.
I'm guessing more likely a MAC address on the local LAN...
You better have a really stout lock on it!
Seriously I have always been enthused by automation and remote controls, but the trend to universal (phone type) access to devices in my home is never gonna happen.
This is an area of technology about which I am functionally ignorant, and I can't help wondering if my utilities smart meters can be hacked. Anyone know?
I don't relish the thought of being subject to having my electricity and gas hacked and turned off.
TOASTER: Howdy doodly do! How's it going? I'm Talkie -- Talkie Toaster, your chirpy breakfast companion. Talkie's the name, toasting's the game. Anyone like any toast?
LISTER: Look, I don't want any toast, and he (indicating KRYTEN) doesn't want any toast. In fact, no one around here wants any toast. Not now, not ever. NO TOAST.
TOASTER: How 'bout a muffin?
LISTER: OR muffins! OR muffins! We don't LIKE muffins around here! We want no muffins, no toast, no teacakes, no buns, baps, baguettes or bagels, no croissants, no crumpets, no pancakes, no potato cakes and no hot-cross buns and DEFINITELY no smegging flapjacks!
TOASTER: Aah, so you're a waffle man!
LISTER: (to KRYTEN) See? You see what he's like? He winds me up, man. There's no reasoning with him.
KRYTEN: If you'll allow me, Sir, as one mechanical to another. He'll understand me. (Addressing the TOASTER as one would address an errant child) Now. Now, you listen here. You will not offer ANY grilled bread products to ANY member of the crew. If you do, you will be on the receiving end of a very large polo mallet.
TOASTER: Can I ask just one question?
KRYTEN: Of course.
TOASTER: Would anyone like any toast?
KRYTEN: Didn't you HEAR what I just said?
TOASTER: Yes, but I thought you might have changed your mind in the meantime.
LISTER: You see? You see what he's like?
KRYTEN: (Exasperated) We haven't changed our mind!
LISTER: NO TOAST!
TOASTER: But I am a toaster. It is my raison d'etre. I toast, therefore I am.
Nut-job Conspiracy Theory Ping!
To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don't add you to the list...
Red Dwarf Ping!
Says the guy whose power went off at 3 AM...
Bloomberg's got a chub.
I would strongly suggest this appliance investigate aligning itself with the “Toaster Pride Movement”.
I SWEAR this isn’t my fault!
If the WiFi router is password protected the hacked refrigerator or other device cannot access it unless/until the homeowner brings it into his network via entering the password into the device’s interface. Until then the infected device is blind to the world.
So really it’s looking for unsecured access points. -Just like every other hacker out there.
GOOGLE will be involved in the Calorie Intake Monitoring System via the Contact Lens Glucose Monitoring device....allegedly already a reality.
imagine having a brown eyed blue tooth !
Yeah but hey, they could tell how many eggs were left from their iPhone...
possible Red Dwarf ping...(Toastie the toaster??) IDK...
Way ahead of you...
But if you just spent a ton of money on your new WiFi enabled refrigerator, why wouldn't you give it your password so you can constantly monitor your produce drawer temperature?
I'm sorry, Dave, but I've been talking to your scale this morning. You are only getting fresh vegetables and water until you've lost 20 pounds.
Surely none of those WiFi routers have an embedded chip or code that allows someone to hack in. ; )
The article’s hyperbole so it’s fine to joke about it. The gist of it is they were reviewing spam mail and noticed a significant percentage came from wifi-enabled appliances. Such as LGfridge1534214@usersISP.com. The hackers just used available network IDs on an unsecured network to send spam mail from.
If the business network is hacked and the hackers are only using it to send spam mail I’d say the business has a pretty low threat surface.
yeah - my appliances been acting real funny lately
The dvd/vcr keeps flashing 12:00 12:00 12:00
Thinks it's some secret code.......
Since MS Windows first had networking embedded access, data collection and retrieval has been ubiquitous.
Our local news did a hacker piece on cell phone chargers, yep, they now can hack your smart devices from your chargers.
So don’t SHARE!
I need some toast.
> I'm guessing more likely a MAC address on the local LAN
You're confused. MAC addresses and IP addresses are very different things, and a networked device must have one of each.
Every network-enabled device has a MAC address; it's an identifier in the embedded network interface chip in the device. It is by definition unique universally, since it's assigned by the manufacturer of the device when it's built.
An IP address is assigned (or configured) when the device joins a network, such as the local network (LAN) in your home/office, or the Internet.
The IP address has to be unique globally ONLY if it is connected directly to the Internet. In that case, it gets a "public" IP.
But if it's on your home/office LAN, which is configured using a NAT router (e.g. a home/office wireless router), then the device's IP address does NOT have to be globally unique. Rather it is "private", and only needs to be unique on that local network.
I read a SF novel where a character got an email from her spare blue jeans, wondering why she'd been wearing the other pair for so long.
ahaha I don't doubt it.
although my computer is a MAC Pro...I have no “smart devices” whatsoever
people regularly ask why I don't upgrade my phone...
...but configuring the fridge to talk on your WiFi network is one of the first things you’ll do when installed. This is “Trojan Horse” in a very real sense.
OK, my bad. . .
And your answer is
Guess I’ll continue to nurse my 25+ year old fridge. That reminds me, it needs the drip bucket at the bottom and on the inside dumped.
The article doesn’t talk about a trojan horse with these devices, it talks about spam emails sent from the devices, ergo the premise WiFi was unsecured. If the WiFi was secured the hackers’ entry point from the internet would not have been able to get into the premise WiFi network to obtain and use the network ID of these devices to send their spam emails out the premise WiFi/router’s internet connection. If some of those network IDs are ‘toaster[unique ID]@usersISP.com’ so what. It still gives the spammer an email address to use and that’s all they care about.
And even if the appliance had trojan hardware (like the irons in Russia) it still requires an unsecured, DHCP-enabled WiFi LAN to get out to the internet and contact the hacker to enable the exploitation of the LAN and its devices.
The attack goes something like this:
Get users’ IP address off message boards, ISPs, etc. Scan the subnets looking for an unsecured or default password premise modem/routers supplied by the ISP (which they know the default passwords for). Access the unsecured router to get a list of LAN IDs. Use those IDs to send traffic to the premise router to send out their spam emails. That way the emails originate from non-blocked domains and known spammers.
There is more to it but there are plenty of ways to avoid your appliances getting cease-and-desist email from your ISP. Setting a password on the ISP router/modem, disabling ISP email and blocking the router’s port 25 are a few simple ways.
It’s just spammers looking to get around their notoriety to ISPs and security programs. They need an innocent ISP account (and router) to send their spam.
WiFi-enabled devices and WiFi-enabled ISP routers typically are preset for DHCP. On an unsecured WiFi network the new WiFi appliances will auto-join the local network. No user action required. This is what the hackers are looking for. The fridge just provides an additional email account to send their spam out the WiFi router.
And the “business hacking” is most likely a business complimentary WiFi for their customers in the waiting room. Like Joe’s Auto Repair w/free WiFi. They don’t secure it because they’d then have to set up every user. Even though their WiFi network is only a network access point their WiFi-enabled appliance has a network ID to exploit for spamming. In this case the fix is to block everything on their premise router but what’s needed for their customers (port 80, 443, etc.) particularly the mail ports (24, 25, 57, 109, 110, etc.).
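A defender-side check to go with the port 25 blocking suggested in the post above, added here as an example and not part of the original thread: it reads router flow-log lines and reports LAN hosts that open outbound TCP port 25 connections to several distinct Internet hosts. The log format, the sample addresses, the function names and the threshold are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow log; the "proto src:port -> dst:port" format is an assumption.
SAMPLE_LOG = """\
tcp 192.168.1.23:51000 -> 203.0.113.10:25
tcp 192.168.1.23:51001 -> 198.51.100.7:25
tcp 192.168.1.23:51002 -> 203.0.113.99:25
tcp 192.168.1.40:40022 -> 198.51.100.7:443
tcp 192.168.1.50:40100 -> 203.0.113.10:25
tcp 192.168.1.23:51003 -> 192.168.1.1:25
udp 192.168.1.40:5353 -> 224.0.0.251:5353
garbage line
"""

SMTP_PORT = 25
# RFC 1918 ranges: the "private" LAN addresses handed out behind a NAT router.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(ip):
    return any(ip in net for net in LAN_NETS)

def parse_line(line):
    """Return (proto, src_ip, dst_ip, dst_port), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 4 or parts[2] != "->":
        return None
    try:
        src = ipaddress.ip_address(parts[1].rsplit(":", 1)[0])
        dst_text, port_text = parts[3].rsplit(":", 1)
        return parts[0], src, ipaddress.ip_address(dst_text), int(port_text)
    except ValueError:
        return None

def smtp_talkers(log_text, allowed_senders=(), min_destinations=2):
    """Map each LAN host to its Internet SMTP destinations, if at or above the threshold."""
    allowed = {ipaddress.ip_address(a) for a in allowed_senders}
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        proto, src, dst, dport = rec
        # Keep only LAN -> Internet TCP/25 flows from hosts not expected to send mail.
        if proto == "tcp" and dport == SMTP_PORT and is_lan(src) \
                and not is_lan(dst) and src not in allowed:
            seen[str(src)].add(str(dst))
    return {h: sorted(d) for h, d in seen.items() if len(d) >= min_destinations}

if __name__ == "__main__":
    for host, dests in smtp_talkers(SAMPLE_LOG).items():
        print(f"{host}: outbound SMTP to {len(dests)} hosts: {', '.join(dests)}")
```

Any host that is supposed to send mail directly goes in `allowed_senders`; anything else that shows up is a device to inspect before the outbound block goes in.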
"I'm sorry, Dave. I can't let you have that beer.
Would you like a carrot stick?"
I know someone with an expensive bed that shows up as a wi-fi network... very strange
You beat me to the Toaster jokes.