back to article Cybercrooks slide fingers into TELLIES+FRIDGES, spam splurge ensues

Miscreants have launched an Internet of Things-based cyberattack involving household "smart" appliances. The global spam distribution campaign involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets. Items such as home-networking routers, connected multi-media centres …


This topic is closed for new posts.
  1. Dick Emery

    And so it begins

    The first thing I thought of when they announced a few years back how we would have all these 'smart' devices connected to the net was 'I bet someone figures out how to turn them into zombie spambots or worse'. I must not have been the only one to think this was a dumb idea in the first place. You don't really need your fridge connected to the internet ordering milk you lazy sods out there with too much money and too little sense to operate one.

    Now look at what's happening. It will be a nightmare to try and sort this crap out in years to come. I say we scrap the internet and start again. Nuke it from orbit. It's the only way to be sure.

    1. ItsNotMe
      Thumb Up

      Re: And so it begins

      Oh how right you are sir. And precisely why I will never own a "Nest" thermostat, or any other "smart" appliance. "Smart" appliances are for dumb-asses too stupid...or to take responsibility for their own lives.

      I have a new "smart" television (SONY), but removed the USB wireless NIC a few days ago, because I really have no need for it. Don't use Netflix, or any other streaming program like that, so no need for the tellie to be connected to the outside world via the Internet.

      1. joed

        Re: And so it begins

        Just recently I saw an odd popup on my Smart TV (most of the time it runs as a large PC monitor). At first I thought it was an IE popup window but soon I realized that my Samsung smart-TV overlay-ed (I was not using the "smarthub" at the time) box with Yahoo interactive content "offer" that could be only closed with the remote (accepting the terms etc) but to uncheck "I want to receive ...." box took a little extra effort. Shame on you Samsung (and time to pull the plug on the smarthub as the novelty of smart tv wears off really quickly. It's ok and streaming vimeo rendered great picture, no pc to fire up etc but searching for content is pain in the neck and external keyboard/mouse does not seem to work any good across different apps, and the thing does who knows what in the background).

    2. Anomalous Cowturd

      Re: And so it begins

      You do realise that there exists this thing called choice?

      E.g. Don't buy a network capable device, and if you can't choose that option, then don't plug it into the network / don't give it your wi-fi password.

      Or live on a park bench, like him. >>>>>>>>>>

      Problem solved.

      Have a drink, and chill out.

    3. Euripides Pants Silver badge

      Re: And so it begins

      Obligatory XKCD:

  2. Anonymous Coward
    Anonymous Coward

    PR campaign?

    by prompting media outlets, such as the Register, to bite into the juicy, still fresh, topic and spread the word about the previously uknown antivirus vendor? Surely, if the matter were that important, the big antivir boys would have spotted the opportunity to peddle their business as well, and we would have heard about it "all over the internets"?

    1. Happy Ranter

      Re: PR campaign?

      how cynical of you

      from their company website

      "Founded in 2002 by Eric Hahn, a pioneer in corporate messaging solutions and former CTO of Netscape, Proofpoint has continued to stay ahead of the curve"

      it is a tribute their skill in corporate communications that they have stayed ahead of the curve for 12 years and yet, at least 2 of us have never heard of them!

      I bet you are the kind of person that wonders why they didn't say anything DURING the events.

      I bet you think its so that claims of the internet of thingies going rogue could not be verified by those who are so inept at corporate communication curves that they have become household names?

    2. ThomH

      Re: PR campaign?

      I don't mind letting a security firm raise its profile if it helps to create the narrative that smart appliances have more negative qualities than positive.

  3. Missing Semicolon

    Won't these be easier for find when they are globally addressable using IPV6?

    Part of the address is the MAC address of the device. Misacreants will thus have an easier time detecting vvulnerable devices.

    1. Anonymous Coward
      Anonymous Coward

      Re: Won't these be easier for find when they are globally addressable using IPV6?

      Slightly mystified by the downvotes there. Seems like a perfectly valid point. All they'd need is a MAC/OUI lookup database and suitable scripts, yes.

      1. Anonymous Coward
        Anonymous Coward

        Re: Won't these be easier for find when they are globally addressable using IPV6?

        That version of IPv6 didn't make the cut.

        1. Anonymous Coward
          Anonymous Coward

          Re: Won't these be easier for find when they are globally addressable using IPV6?

          "That version of IPv6 didn't make the cut."

          Well... they're not globally accessible, but if you're on the same network segment as the devices you're trying to identify MAC addresses do come into play The inclusion of the MAC address as a means of associating a unique physical identifier in an IP address is one of the reasons why IPv6 addresses provide such a large address space.The MAC address appears as part of link-local IPv6 addresses. It's just that modern OSes with IPv6 (current Windows versions, MacOS, and some Linux distributions) assign a different temporary privacy address by default, an evident reaction to the realisation of the potential privacy issue.

          But yeah, I'll backtrack a bit and add that it's hard to say how 'real' an issue it would be in practice. I guess we'll find out as these devices become more widespread.

  4. 's water music Silver badge

    POC Code

    I'm currently writing a virus that will encrypt all of your milk and also any pants in washing machines that have mapped drives. How many bitcoins should I charge for the private key?

    1. Cliff

      Re: POC Code

      My version will scramble your eggs

      1. Swarthy Silver badge

        Re: POC Code

        I'm working on a version that will fertilize them.

        1. Anonymous Coward
          Anonymous Coward

          Re: POC Code

          Abort, Retry, Fail! Abort, Retry, Fail...

      2. VinceH

        Re: POC Code

        "My version will scramble your eggs"

        I like scrambled eggs. Therefore I won't pay your ransom to stop doing it.

        Hold on, that's a friend of mine on the phone. He wants to know if you'd like the IP address of his fridge, too, because he's also partial to scrambled eggs.

  5. Anonymous Custard Silver badge

    A certain irony?

    So if I have an internet-enabled oven, it could be serving me up spam?

    How ironically full-circle...

  6. frank ly

    My Talky Toaster ....

    ... told me it has a Nigerian cousin that needs some help getting money out of Nigeria. Should I believe it?

    1. Lars Silver badge

      Re: My Talky Toaster ....

      Congratulations, you are on the right track as you ask.

    2. Anonymous Custard Silver badge

      Re: My Talky Toaster ....

      Hmm I misread that as Nigella.

      Gives a whole new meaning to gastoporn...

  7. Tom 35 Silver badge

    Just try

    Getting a patch for last years model TV/Fridge/whatever when everything is "smart".

    1. Anonymous Coward
      Anonymous Coward

      Re: Just try

      Yep, CE companies don't do long product support life-cycles.

    2. Anonymous Coward
      Anonymous Coward

      Re: Just try

      If I were a smart fridge / telly, I'd do ANYTHING not to get a firmware update. It's practically new personality. Why would I choose to be erased?! I guess I'll speak to my licensee to strike a deal: I promise to spy on you only every other day, and also block ads from up to THREE brands of your choosing. In return....

    3. Sureo

      Re: Just try

      How do I change the password on my Fridge? Just askin'.....

  8. Anonymous Coward
    Anonymous Coward

    I don't need to friggin internet controlled fridge

    I just want it to store my beer (and some food).

    1. Anonymous Custard Silver badge

      Re: I don't need to friggin internet controlled fridge

      You waste beer-space on food? That's what take-away is for!

      1. Anonymous Coward
        Anonymous Coward

        Re: I don't need to friggin internet controlled fridge

        I need to save the remaining parts of the pizza I ordered to the next day.

  9. Anonymous Coward

    I can't wait

    I'm sure that some Anonymous member will figure out how to turn ip addressable light bulbs in to anti-epileptic strobe lights. I'm not really worried about that one, since neither myself or my significant other is epileptic. What I'm more worried about is someone sending an update to every smart vehicle with code that makes it swerve into the left lane if it detects a police car. I wouldn't mind them sending an update that makes the car pull gently into the right-hand lane if it detects a faster car coming up from behind, since most drivers in Atlanta don't understand this principle.

    The possibilities are endless.

    1. John Brown (no body) Silver badge

      Re: I can't wait

      "I wouldn't mind them sending an update that makes the car pull gently into the right-hand lane if it detects a faster car coming up from behind, since most drivers in Atlanta"

      Even worse, someone sends that "wrong" update to those who drive on the proper side of the road :-)

    2. TeeCee Gold badge

      Re: I can't wait

      I think most cars in Belgium already have that update.

      Maybe one day they'll add the bit that checks to see if there's something already in the lane to the right before doing it....

  10. David 45


    Hmm. Have often wondered about my so-called smart telly connected to the net. It's only a computer after all! No protection, other than being behind a router and, as the LG fiasco showed, TV manufacturers don't seem to have much idea what the mini-computers built into their smart tellies are up to.

  11. Mark 85 Silver badge

    Interesting concept

    If I were a miscreant and had some spam to send, it makes more sense to use the Internet-of-Things than using PC botnets. Chance of the things being patched.. slim to non-existent. Chance of anti-malware being put on the device... slim to non-existent. Chance of the owner/user turning it off for the day or night... slim to non-existent. Chance of the embedded software being secure.. slim to non-existent. Chance of the owner noticing that his appliance is eating kW of electricity and doing something other than what it was designed for is... slim to non-existent.

    The world has become a very scary place indeed.

  12. ecofeco Silver badge
    Paris Hilton

    As I was saying....

    Yep. Don't just give me the Internet of things, make sure it's connected to the "cloud" as well.

    Because we just live in her Idiocracy world. ------------>>>

    1. LoPath

      Re: As I was saying....

      She might have an internet connected appliance as well....

  13. John Brown (no body) Silver badge

    So, The MPAA might have been right.... accuse a printer IP address of torrenting?

  14. Thomas Allen

    Many people live in apartments

    Many people (in America) live in apartments, and we do not choose our thermostats, refrigerators, washing machines, and other large appliances. The apartment comes partially furnished. So many of us have no opportunity to practice the advice "don't buy internet connected devices." Our apartment manager will have bought these devices. Maybe they even spy on us.

    1. Anonymous Coward
      Anonymous Coward

      Re: Many people live in apartments

      NSA Rookie: Sir, something REALLY big must be going down tonight, for sure! He's just stocked up the fridge with enough frozen pizzas and beer for eight people. Maybe an illegal poker game?

      Agent Smith:(yawn) Yeah whatever, but don't bother with the video feed until he fires up the porn channel. And fetch me a beer out of that old Frigidaire we confiscated last week.

  15. Tree

    International child abuse webcam ring smashed after routine police check

    After reading this story after the kiddy pr0n one, makes one wonder if the baby bottle warmer could be doing double duty. Are there people still planting these pictures on your computer and then holding you ransom? Wait, what's that moaning coming from my oven!?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019