NPR : News

Filed Under:

What Do You Do If Your Refrigerator Begins Sending Malicious Emails?

The thing about the Internet of Things, which describes the near future in which all our devices and appliances are connected to the Internet — and one another — is that suddenly they're vulnerable to the dark side of constant connectivity, too. Cybersecurity folks point out it "opens a Pandora's Box of security and privacy risks that cannot be ignored," writes Christophe Fabre, CEO of software services vendor Axway.

Just on the heels of Google joining the smart appliances frontier, the security firm Proofpoint Inc. reports it has uncovered one of the first Internet of Things cyberattacks. (The firm gets hired to, among other things, monitor the email gateways for hundreds of companies, scan them and analyze them for nefariousness.)

Included in the attack were smart TVs, wireless speakers and at least one refrigerator. It turns out refrigerators can send out emails, so just as your email can be hacked, your fridge can, too.

"People should be concerned because unlike PCs and laptops where there are tools and user interfaces where you can tell if something is wrong, there's not a lot to help you tell if your fridge or home audio system has been compromised," says David Knight, general manager of information security for Proofpoint.

Here's how the company says it worked: Sometime between Dec. 23 and Jan. 6, hackers commandeered home routers and the like and used them to send out malicious emails to grow their botnet, or, army of infected devices. Botnets — and now, "ThingBots" — can be used by hackers to perform large-scale cyberattacks against websites by drowning them with traffic.

So as consumers are beginning to buy Internet-connected appliances, Knight says consider the security of those devices, too. And that companies haven't done enough to protect appliances from hacks.

"Many of these devices, without picking on manufacturers, are running old software with known vulnerabilities. They've got very insecure default passwords like [username] admin [password] admin," Knight says. The net effect for consumers, he says — other than degraded machine performance because of compromised software — is that their machines will be busy sending malicious messages "instead of playing music or doing whatever they're supposed to be doing," he says. "They also might cease to function or not be reachable for their intended purpose."

When we learned that a fridge was hacked, my editor wanted to know what was in the fridge, since Proofpoint could easily log into it. But the firm said it didn't peek.

"We chose not to pry into the privacy of this person's refrigerator," Knight says.

Copyright 2014 NPR. To see more, visit http://www.npr.org/.

NPR

On Television, More Transgender Characters Come Into Focus

Now that it's more common to see gay characters on TV, is the medium turning to transgender people for fresh stories? NPR's Neda Ulaby looks at TV's crop of transgender and "gender fluid" characters.
NPR

Obama Gets A Taste Of Jiro's 'Dream' Sushi In Name Of Diplomacy

On the first leg of his Asian tour, the president stopped by the iconic sushi restaurant. David Gelb, who directed a documentary about the restaurant, says eating there is amazing and nerve-wracking.
WAMU 88.5

Environmentalists Turn To Campaign Finance Reform To Advance Cause

Frustrated by the lobbying power of oil and gas companies, environmenalists are joining the call for campaign finance reform in Washington.

NPR

FCC Set To Change Net Neutrality Rules

On Thursday, the chairman of the Federal Communications Commission will propose new rules for how broadband providers should treat the Internet traffic flowing through their networks.

Leave a Comment

Help keep the conversation civil. Please refer to our Terms of Use and Code of Conduct before posting your comments.