Are Our Cyber Vulnerabilities Being Amplified Because Of Our Household Devices

Proofpoint Inc. reported an attack on the Internet Of Things (IoT), wherein 750,000 malicious e-mails were sent from a host of corrupted appliances, over this holiday season.

With the advancement of technology, our computers became laptops and phones became smartphones. While we weren’t looking, the Internet Of Things was born and gained a country-worth of dreamers and “inventors”. We regular folks may have not realised it completely yet, but a lot of household equipment is now Online, and has intrinsic Internet capabilities. Household items such as refrigerators, washing machines, TVs, gaming consoles, cameras, modems and routers among other devices that are connected to the Internet to create an “Internet of Things” is an encouraging testament of how technology and innovation has leaped forward.

Smaller still, is our conscious awareness of how this increases the sandbox for cybercrime as well.

Back to the story, Proofpoint (an Internet security service provider) reported a mass-attack on the Internet of Things between 23rd December 2013 and 6th January 2014, where over 100,000 compromised appliances (or ‘thing-bots’ if you will) were used to send 750,000 malicious e-mails. This was clearly a pro-type splurge — no more than 10 emails were generated from one IP address, thereby making automated intervention by spam guards largely ineffective (intense traffic from one sources tickles spam guards and sets the virtual alarms ringing, but small scale traffic is considered normal and hence doesn’t hid the radar).

The cyber-criminal community practices impersonation to infiltrate security barriers and firewalls of the online world, and with the as-yet nascent IoT still being vulnerable (as it and its participating devices yet lack the anti-virus infrastructure available for computing devices and smartphones), the criminal community seems to have discovered a whole new platform to trigger their malpractices from.

Apparently they corrupt the functioning of the appliance linked to the IoT by relying on the owners’ naïveté, misconfiguration or laziness (in using easy-to-crack passwords) leaving the devices exposed on public platforms.

With majors like Google buying Nest for $3.2 billion in cash, it is obvious that the “Internet of Things” is only a matter of time, and restricted not even by their inventors’ imagination. Yet as this event shows, it would open an unrestricted playing field for malicious software and security software. With the ever-growing number of devices connecting to the Internet, the threat is gargantuan.

Greater security measures like those incorporated in laptops and shared networks will have to be extended to smart devices, toasters and air conditioners alike (we like to imagine our Bajaj toaster with a USB plug or an RJ 45 socket).

Originally published at Chip-Monks.