January 22, 2014



We talk about hackable consumer devices a lot here on the Kaspersky Daily. Generally though, the hacks are hypothetical, performed in controlled environments by computer scientists and professional hackers, some of whom prefix and suffix their names with the title of Doctor or the letters PhD respectively.


Today however, consumer device attacks became very real when researchers from the security firm Proofpoint uncovered a spam campaign seeming to originate from connected multi-media centers, smart televisions, at least one refrigerator, and a slew of other devices that technically aren’t computers but pretty much look and act like computers.

According to a report published on their ThreatInsights blog, while conducting some routine email-threat monitoring during the holidays, one of the company’s researchers discovered some 750,000 spam messages coming from something other than a desktop or laptop computer. Rather, they claim, these messages are being generated by a botnet consisting of devices within the Internet of things. Or, as they are calling it, a “Thingbot.”

One of the company’s researchers discovered some 750,000 spam messages coming from something other than a desktop or laptop computer

To be fair, the company claims that much of the spam is coming from fairly traditional devices, like routers and network-attached storage devices. In all, the researcher that uncovered the spam believes that the group machines generating these malicious messages – in addition to those we’ve already discussed – could include XBOXes, PS3s, Nintendo Wiis, and various types of set-top boxes, much of which runs on embedded linux or apache operating systems of ARM-like microcomputers.

“This proof of a systematic compromise of [Internet of things] devices and its subsequent use of those Thingbots to further attack other networks is something we’ve never seen before — but suggests an unfortunate future for both home users and Enterprises, the latter of whom now faces an even larger volume of malicious attack capacity,” the company wrote.

Speaking of enterprises, Proofpoint says that vulnerable or infected appliances that are connected to the Internet can potentially pose a risk to corporate networks.

“All a user has to do is use a remote [remote desktop protocol] connection, or conceivably simply take an action like checking their fridge from their work PC; if a classic drive-by or even a redirect has been installed, the work PC is now compromised (though this is arguably more farfetched),” the company reasoned on their blog. “Clearly, as the trend towards smart devices and BYOD increases, the risk of Enterprise exposure increases correspondingly, exponentially.”