A report from security researchers has claimed that hundreds of thousands of spam emails are being sent using smart devices, including televisions, wireless routers, and even in one instance a refrigerator.
The report comes from the California-based company Proofpoint. In it, they state that many devices are falling under control of a new form of malware they call “thingbots”. It connects various smart technology, making them into an elaborate network that was able to fire off more than 750,000 emails in as little as two weeks.
More than 25 percent of the volume was sent by things that were not conventional laptops, desktop computers or mobile devices; instead, the emails were sent by everyday consumer gadgets such as compromised home-networking routers, connected multi-media centers, televisions and at least one refrigerator, the report said.
No more than 10 emails were initiated from any single IP address, making the attack difficult to block based on location – and in many cases, the devices had not been subject to a sophisticated compromise; instead, misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use.
It is an alarming thought, but not a surprisingly. Theoretically, anything that has a connection to the internet can be vulnerable to malware attacks. Having most of the same components as traditional computers, the same capabilities that have been seen in connecting those computers could logically be applied to other devices.
While this might not have been as frightening an idea as little as five years ago, the prevalence of smart appliances now makes the implications more grave. Everything from thermostats to game consoles could potentially act as a connection point for these viruses.
The good news is that this network of 100,000 connected devices sending out spam might not be what it seems. Several sources in the tech community, including Ars Technica’s Dan Goodin, have been quick to point out that there was very little provided evidence in the report. That doesn’t mean it isn’t true, but so far the research itself seems a little under developed and maybe not that well documented.
Either way, the potential threat of smart devices under malware control is very real, at least in theory. For one thing, browsers on smart TVs have very little protection against phishing and account hacking, but access to things like financial information using apps like Hulu, Amazon or Netflix, or social media profiles like Facebook and Twitter.