Posted on 01/17/2014 6:19:17 AM PST by MeshugeMikey
Security researchers at Proofpoint have uncovered the very first wide-scale hack that involved television sets and at least one refrigerator.
Yes, a fridge.
This is being hailed as the first home appliance "botnet" and the first cyberattack from the Internet of Things.
(Excerpt) Read more at businessinsider.com ...
And your answer is…?
Guess I’ll continue to nurse my 25+ year old fridge. That reminds me, it needs the drip bucket at the bottom and on the inside dumped.
The article doesn’t talk about a trojan horse with these devices it talks about spamm emails sent from the devices, ergo the premise WiFi was unsecured. If the WiFi was secured the hackers’ entry point from the internet would not have been able to get into the premise WiFi network to obtain and use the network ID of these devices to send their spamm emails out the premise WiFi/router’s internet connection. If some of those network IDs are ‘toaster[unique ID]@usersISP.com’ so what. It still gives the spammer an email address to use and that’s all they care about.
And even if the appliance had trojan hardware (like the irons in Russia) it still requires an unsecured, DHCP-enabled WiFi LAN to get out to the internet and contact the hacker to enable the exploitation of the LAN and its devices.
The attack goes something like this:
Get users’ IP address off message boards, ISPs, etc. Scan the subnets looking for an unsecured or default password premise modem/routers supplied by the ISP (which they know the default passwords for). Access the unsecured router to get a list of LAN IDs. Use those IDs to send traffic to the premise router to send out their spamm emails. That way the emails orginate from non-blocked domains and known spammers.
There is more to it but there are plenty of ways to avoid your appliances getting cease-and-dissist email from your ISP. Setting a password on the ISP router/modem, disabling ISP email and blocking the router’s port 25 are a few simple ways.
It’s just spammers looking to get around their notariety to ISPs and security programs. They need an innocent ISP account (and router) to send their spamm.
WiFi-enabled devices and WiFi-enabled ISP routers typically are preset for DHCP. On an unsecured WiFi network the new WiFi appliances will auto-join the local network. No user action required. This is what the hackers are looking for. The fridge just provides an additional email account to send their spamm out the WiFi router.
And the “business hacking” is most likely a business complementary WiFi for their customers in the waiting room. Like Joe’s Auto Repair w/free WiFi. They don’t secure it because they’d then have to setup every user. Even though their WiFi network is only a network access point their WiFi-enabled appliance has a network ID to exploit for spamming. In this case the fix is to block everything on their premise router but what’s needed for their customers (port 80, 443, etc.) particularly the mail ports (24, 25, 57, 109, 110, etc.).
"I'm sorry, Dave. I can't let you have that beer.
Would you like a carrot stick?"
I know someone with an expensive bed that shows up as a wi-fi network... very strange
You beat me to the Toaster jokes.
Hal? HAL?
Without a doubt, they will do this if they are allowed to continue unobstructed.
England does not want me.
I'd kick up quite a fuss.
Hmmm is this where The Brave Little Toaster ended up?
They have to. Multiple devices cannot have the same IP at the same time, anyway.
Already patented. Prolly being built or offered for sale somewhere right now.
I have to laugh every time I see the pinheads on the taxpayer-funded PBS series “This Old House” brag about the home automation system they installed:
“We can control the lights, heat, locks, etc. from a smartphone or tablet! Ain’t that cool?”
Sure. What could _possibly_ go wrong?
*snort*
:wq
Didn’t Google just pay 3.5bil for the outfit that makes wifi connected thermostats?
It’s ok, Darks. We love you anyway.
Yes I believe that they did!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.