In the first documented attack of its kind, the Internet of Things was misused to send out more than 750,000 spam e-mails through a common household appliance: the refrigerator.
The Internet of Things has uncovered remarkable possibilities. Smart air-conditioners, smart TVs, smart washing machines and smart lighting have made life convenient, simple and futuristic. With a huge data influx, unparalleled connectivity and never-before-imagined potential, the Internet has opened the floodgates of a new era in connectivity. But what happens when the good is used for the bad? In this edition of Security Beat, we bring to light the incidents of misuse of the Internet of Things: a serious security threat, or a few stray incidents?
The Refrigerator Attack
The smart refrigerator gives you access to the Internet, calls for servicing, monitors your energy consumption and even sends you Twitter updates. So how do such smart devices act not-so-smart when it comes to cyber attacks? Is it a lack of malware protection that exposes them to attacks? Could it be a failure to foresee such attacks? Some manufacturers do not have adequate safeguards in place to prepare for such attacks.
Security company Proofpoint discovered a botnet attack in the refrigerator incident, i.e. an attack in which a device is hijacked remotely and made to send out spam. The refrigerator sent out over 750,000 e-mails in bursts of 100,000 e-mails at a time, thrice a day! Reports found that the “victim” devices had misconfigurations and default passwords, leaving them open on public networks and vulnerable to such an attack. While this may seem like a major concern with IoT, botnet attacks have been known to operate on common, everyday devices like mobile phones as well. That makes this not just an issue sprouting out of the Internet of Things but a security threat regardless.
The Linux Worm
In another documented incident, a Linux worm, Linux.Darlloz, attacked home routers, set-top boxes, security cameras, industrial control systems, printers, etc. The worm exploited a PHP vulnerability and infected devices that run Linux on Intel’s x86 chip architecture and on other embedded device architectures like PPC, MIPSEL and MIPS. Symantec found 31,716 infected devices. China, USA, South Korea, Taiwan and India were among the more severely affected countries.
How Credible are these Threats?
While refrigerator attacks might seem like something out of a science fiction comic, it is important to assess the credibility of these threats. With the International Data Corporation predicting that over 200 million devices will be connected to the internet by the year 2020, the risk seems greater. However, on closer examination of these attacks, it becomes clearer that the IoT does not pose a security threat in itself. In other words, the risk of misuse is always present for any device or appliance. Be it a pair of scissors or a knife, every object, appliance or device can be misused. It’s up to users, engineers, manufacturers and software engineers to adopt adequate safeguards for operation.
What can be done to prevent security threats from devices? ICANN and the government can together ensure that companies making consumer durables follow standardized protocols when manufacturing devices prone to such threats. Additionally, protected devices, strong passwords and constant monitoring can avoid security compromises and advance the technology's reign.
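One form the constant monitoring mentioned above can take, as an added example that is not part of the original article: flag appliances that open bursts of outbound SMTP connections, the traffic pattern of the refrigerator incident. The flow-record format, network ranges, window size and threshold are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

SMTP_PORTS = {25, 465, 587}
# Assumptions: the appliance VLAN and the only host allowed to send mail.
IOT_NET = ip_network("192.168.50.0/24")
MAIL_RELAYS = {ip_address("192.168.10.5")}
WINDOW_SECONDS = 3600
BURST_THRESHOLD = 3  # connections per window; kept tiny so the sample triggers it

# Constructed flow records: epoch,src_ip,dst_ip,dst_port
SAMPLE_FLOWS = """\
1700000000,192.168.50.23,203.0.113.10,25
1700000030,192.168.50.23,203.0.113.44,25
1700000075,192.168.50.23,198.51.100.7,25
1700000100,192.168.50.23,198.51.100.9,587
1700000200,192.168.50.40,203.0.113.80,443
1700000300,192.168.10.5,203.0.113.10,25
1700004000,192.168.50.41,198.51.100.7,25
"""

def find_smtp_bursts(flow_text, threshold=BURST_THRESHOLD):
    """Return {(src_ip, window_start): count} for IoT hosts at or over threshold."""
    counts = defaultdict(int)
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 4:
            continue  # skip malformed lines
        try:
            ts, src, port = int(row[0]), ip_address(row[1]), int(row[3])
        except ValueError:
            continue  # skip lines with unparsable fields
        # Only appliances talking to mail ports matter; the real relay is exempt.
        if port not in SMTP_PORTS or src in MAIL_RELAYS or src not in IOT_NET:
            continue
        window = ts - ts % WINDOW_SECONDS  # start of the hourly bucket
        counts[(str(src), window)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for (src, window), n in sorted(find_smtp_bursts(SAMPLE_FLOWS).items()):
        print(f"ALERT {src}: {n} outbound SMTP connections in window starting {window}")
```

In practice an appliance segment has no reason to reach external mail ports at all, so blocking that egress at the firewall and alerting on any hit is stricter than a threshold.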