California-based security firm Proofpoint has discovered that hackers used smart Internet-connected home appliances to deliver malicious emails in what’s considered to be the first proven attack that involves the “Internet of things,” The Sydney Morning Herald reports. According to the company, during December 23 and January 6, “waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting enterprises and individuals worldwide” were seen. Of those, more than 25% originated from Internet of things devices that were hacked for the purpose, instead of traditional “laptops, desktop computers or mobile devices.” No more than 10 emails were initiated from the same device, which made the attack all the more difficult to spot.
The botnet, which included Smart TVs and smart fridges, delivered more than 750,000 malicious emails. Hackers were apparently able to also compromise routers and multimedia centres connected to the web to deliver the attacks.
“Botnets are already a major security concern and the emergence of thingbots may make the situation much worse,” Proofpoint’s David Knight said. “Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come online and attackers find additional ways to exploit them.”
Meanwhile, companies continue to develop more smart devices and integrate them in smart home concepts. At CES 2014, Samsung, LG and Archos introduced new plans to connect more smart appliances and other home devices to smartphones and tablets, while Google purchased Nest Labs a few days ago, the makers of the popular smart Nest thermostat.