Feeds

back to article Cybercrooks slide fingers into TELLIES+FRIDGES, spam splurge ensues

Miscreants have launched an Internet of Things-based cyberattack involving household "smart" appliances. The global spam distribution campaign involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets. Items such as home-networking routers, connected multi-media centres, …

COMMENTS

This topic is closed for new posts.

And so it begins

The first thing I thought of when they announced a few years back how we would have all these 'smart' devices connected to the net was 'I bet someone figures out how to turn them into zombie spambots or worse'. I must not have been the only one to think this was a dumb idea in the first place. You don't really need your fridge connected to the internet ordering milk you lazy sods out there with too much money and too little sense to operate one.

Now look at what's happening. It will be a nightmare to try and sort this crap out in years to come. I say we scrap the internet and start again. Nuke it from orbit. It's the only way to be sure.

11
0
Bronze badge
Thumb Up

Re: And so it begins

Oh how right you are sir. And precisely why I will never own a "Nest" thermostat, or any other "smart" appliance. "Smart" appliances are for dumb-asses too stupid...or to incompetent...to take responsibility for their own lives.

I have a new "smart" television (SONY), but removed the USB wireless NIC a few days ago, because I really have no need for it. Don't use Netflix, or any other streaming program like that, so no need for the tellie to be connected to the outside world via the Internet.

1
0

Re: And so it begins

Just recently I saw an odd popup on my Smart TV (most of the time it runs as a large PC monitor). At first I thought it was an IE popup window but soon I realized that my Samsung smart-TV overlay-ed (I was not using the "smarthub" at the time) box with Yahoo interactive content "offer" that could be only closed with the remote (accepting the terms etc) but to uncheck "I want to receive ...." box took a little extra effort. Shame on you Samsung (and time to pull the plug on the smarthub as the novelty of smart tv wears off really quickly. It's ok and streaming vimeo rendered great picture, no pc to fire up etc but searching for content is pain in the neck and external keyboard/mouse does not seem to work any good across different apps, and the thing does who knows what in the background).

1
0
Silver badge
Windows

Re: And so it begins

You do realise that there exists this thing called choice?

E.g. Don't buy a network capable device, and if you can't choose that option, then don't plug it into the network / don't give it your wi-fi password.

Or live on a park bench, like him. >>>>>>>>>>

Problem solved.

Have a drink, and chill out.

0
1

Re: And so it begins

Obligatory XKCD:

http://xkcd.com/1109/

0
0
Anonymous Coward

PR campaign?

by prompting media outlets, such as the Register, to bite into the juicy, still fresh, topic and spread the word about the previously uknown antivirus vendor? Surely, if the matter were that important, the big antivir boys would have spotted the opportunity to peddle their business as well, and we would have heard about it "all over the internets"?

0
0

Re: PR campaign?

how cynical of you

from their company website

"Founded in 2002 by Eric Hahn, a pioneer in corporate messaging solutions and former CTO of Netscape, Proofpoint has continued to stay ahead of the curve"

it is a tribute their skill in corporate communications that they have stayed ahead of the curve for 12 years and yet, at least 2 of us have never heard of them!

I bet you are the kind of person that wonders why they didn't say anything DURING the events.

I bet you think its so that claims of the internet of thingies going rogue could not be verified by those who are so inept at corporate communication curves that they have become household names?

0
0
Silver badge

Re: PR campaign?

I don't mind letting a security firm raise its profile if it helps to create the narrative that smart appliances have more negative qualities than positive.

0
0

Won't these be easier for find when they are globally addressable using IPV6?

Part of the address is the MAC address of the device. Misacreants will thus have an easier time detecting vvulnerable devices.

3
2
Anonymous Coward

Re: Won't these be easier for find when they are globally addressable using IPV6?

Slightly mystified by the downvotes there. Seems like a perfectly valid point. All they'd need is a MAC/OUI lookup database and suitable scripts, yes.

2
0
Silver badge

Re: Won't these be easier for find when they are globally addressable using IPV6?

That version of IPv6 didn't make the cut.

1
0
Anonymous Coward

Re: Won't these be easier for find when they are globally addressable using IPV6?

"That version of IPv6 didn't make the cut."

Well... they're not globally accessible, but if you're on the same network segment as the devices you're trying to identify MAC addresses do come into play The inclusion of the MAC address as a means of associating a unique physical identifier in an IP address is one of the reasons why IPv6 addresses provide such a large address space.The MAC address appears as part of link-local IPv6 addresses. It's just that modern OSes with IPv6 (current Windows versions, MacOS, and some Linux distributions) assign a different temporary privacy address by default, an evident reaction to the realisation of the potential privacy issue.

But yeah, I'll backtrack a bit and add that it's hard to say how 'real' an issue it would be in practice. I guess we'll find out as these devices become more widespread.

0
0
Bronze badge

POC Code

I'm currently writing a virus that will encrypt all of your milk and also any pants in washing machines that have mapped drives. How many bitcoins should I charge for the private key?

8
0
Silver badge

Re: POC Code

My version will scramble your eggs

3
0
Bronze badge
Pirate

Re: POC Code

I'm working on a version that will fertilize them.

3
0
Anonymous Coward

Re: POC Code

Abort, Retry, Fail! Abort, Retry, Fail...

0
0
Silver badge
Happy

Re: POC Code

"My version will scramble your eggs"

I like scrambled eggs. Therefore I won't pay your ransom to stop doing it.

Hold on, that's a friend of mine on the phone. He wants to know if you'd like the IP address of his fridge, too, because he's also partial to scrambled eggs.

0
0
Silver badge
Joke

A certain irony?

So if I have an internet-enabled oven, it could be serving me up spam?

How ironically full-circle...

5
0
Silver badge

My Talky Toaster ....

... told me it has a Nigerian cousin that needs some help getting money out of Nigeria. Should I believe it?

1
0
Silver badge
Pint

Re: My Talky Toaster ....

Congratulations, you are on the right track as you ask.

0
0
Silver badge
Joke

Re: My Talky Toaster ....

Hmm I misread that as Nigella.

Gives a whole new meaning to gastoporn...

0
0
Silver badge

Just try

Getting a patch for last years model TV/Fridge/whatever when everything is "smart".

3
0
Anonymous Coward

Re: Just try

Yep, CE companies don't do long product support life-cycles.

0
0
Anonymous Coward

Re: Just try

If I were a smart fridge / telly, I'd do ANYTHING not to get a firmware update. It's practically new personality. Why would I choose to be erased?! I guess I'll speak to my licensee to strike a deal: I promise to spy on you only every other day, and also block ads from up to THREE brands of your choosing. In return....

0
0

Re: Just try

How do I change the password on my Fridge? Just askin'.....

1
0
Anonymous Coward

I don't need to friggin internet controlled fridge

I just want it to store my beer (and some food).

4
0
Silver badge

Re: I don't need to friggin internet controlled fridge

You waste beer-space on food? That's what take-away is for!

1
0
Anonymous Coward

Re: I don't need to friggin internet controlled fridge

I need to save the remaining parts of the pizza I ordered to the next day.

1
0
Silver badge
Mushroom

I can't wait

I'm sure that some Anonymous member will figure out how to turn ip addressable light bulbs in to anti-epileptic strobe lights. I'm not really worried about that one, since neither myself or my significant other is epileptic. What I'm more worried about is someone sending an update to every smart vehicle with code that makes it swerve into the left lane if it detects a police car. I wouldn't mind them sending an update that makes the car pull gently into the right-hand lane if it detects a faster car coming up from behind, since most drivers in Atlanta don't understand this principle.

The possibilities are endless.

1
0
Silver badge

Re: I can't wait

"I wouldn't mind them sending an update that makes the car pull gently into the right-hand lane if it detects a faster car coming up from behind, since most drivers in Atlanta"

Even worse, someone sends that "wrong" update to those who drive on the proper side of the road :-)

0
0
Gold badge
Unhappy

Re: I can't wait

I think most cars in Belgium already have that update.

Maybe one day they'll add the bit that checks to see if there's something already in the lane to the right before doing it....

0
0

Protect?

Hmm. Have often wondered about my so-called smart telly connected to the net. It's only a computer after all! No protection, other than being behind a router and, as the LG fiasco showed, TV manufacturers don't seem to have much idea what the mini-computers built into their smart tellies are up to.

0
0
Silver badge

Interesting concept

If I were a miscreant and had some spam to send, it makes more sense to use the Internet-of-Things than using PC botnets. Chance of the things being patched.. slim to non-existent. Chance of anti-malware being put on the device... slim to non-existent. Chance of the owner/user turning it off for the day or night... slim to non-existent. Chance of the embedded software being secure.. slim to non-existent. Chance of the owner noticing that his appliance is eating kW of electricity and doing something other than what it was designed for is... slim to non-existent.

The world has become a very scary place indeed.

3
0
Silver badge
Paris Hilton

As I was saying....

Yep. Don't just give me the Internet of things, make sure it's connected to the "cloud" as well.

Because we just live in her Idiocracy world. ------------>>>

0
0

Re: As I was saying....

She might have an internet connected appliance as well....

0
0
Silver badge
Pirate

So, The MPAA might have been right....

...to accuse a printer IP address of torrenting?

0
0

Many people live in apartments

Many people (in America) live in apartments, and we do not choose our thermostats, refrigerators, washing machines, and other large appliances. The apartment comes partially furnished. So many of us have no opportunity to practice the advice "don't buy internet connected devices." Our apartment manager will have bought these devices. Maybe they even spy on us.

0
0
Anonymous Coward

Re: Many people live in apartments

NSA Rookie: Sir, something REALLY big must be going down tonight, for sure! He's just stocked up the fridge with enough frozen pizzas and beer for eight people. Maybe an illegal poker game?

Agent Smith:(yawn) Yeah whatever, but don't bother with the video feed until he fires up the porn channel. And fetch me a beer out of that old Frigidaire we confiscated last week.

0
0
Megaphone

International child abuse webcam ring smashed after routine police check

After reading this story after the kiddy pr0n one, makes one wonder if the baby bottle warmer could be doing double duty. Are there people still planting these pictures on your computer and then holding you ransom? Wait, what's that moaning coming from my oven!?

0
0
This topic is closed for new posts.