
Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

6 recommendations

Blackbird

Premium Member

The Attacks Begin From the Internet of Things

Well, that certainly didn't take long... folks have been wondering when all this Internet-of-Things horsepower would start being harnessed by the dark side. Now it begins. From: Refrigerator To Attack Businesses
quote:
Security researchers at Proofpoint have uncovered the very first wide-scale hack that involved television sets and at least one refrigerator. Yes, a fridge. This is being hailed as the first home appliance "botnet" and the first cyberattack from the Internet of Things.
...
...hackers broke into more than 100,000 everyday consumer gadgets, such as home-networking routers, connected multi-media centers, televisions, and at least one refrigerator, Proofpoint says. They then used those objects to send more than 750,000 malicious emails to enterprises and individuals worldwide. ...

tempnexusawa
@verizon.net

2 recommendations

tempnexusawa

Anon

Sure adds a new meaning to the "Is your fridge running?" joke.

DownTheShore
Pray for Ukraine
Premium Member
join:2003-12-02
Beautiful NJ

4 recommendations

DownTheShore to Blackbird

Premium Member

to Blackbird
I still can't figure out why people would want their kitchen appliances linked to their home networks.

goalieskates
Premium Member
join:2004-09-12
land of big

2 recommendations

goalieskates to Blackbird

Premium Member

to Blackbird
So who owned the botnet? Our friends from the NSA?

(joke - I hope)

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

1 recommendation

Blackbird to DownTheShore

Premium Member

to DownTheShore
said by DownTheShore:

I still can't figure out why people would want their kitchen appliances linked to their home networks.

Because the advertising and sales person's hype persuaded them? I know of not one person who ever sought out a refrigerator with Internet connectivity because, on their own, they thought up that it would be a great idea, well worth the added cost.

DownTheShore
Pray for Ukraine
Premium Member
join:2003-12-02
Beautiful NJ

2 recommendations

DownTheShore

Premium Member

That must be it, I guess.

The following appliance presumes there will be no traffic tie-ups on the GWB: »www.tmio.com/products/

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

2 recommendations

Blackbird

Premium Member

said by DownTheShore:

The following appliance presumes there will be no traffic tie-ups on the GWB: »www.tmio.com/products/

One can but wonder when the first reports will arrive of somebody returning home to a house in flames because some hacker-kiddie hacked their oven's processor so the roast that the owner planned on commanding to turn on at 3 or 4pm got turned on at 8am, just after everyone left home... crisp-ifying the roast and half the kitchen.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

2 recommendations

Name Game

Premium Member

Last night one of those bots dropped a load in my ILoo and stole all my passwords on the bog paper. Now all I get is an 'Out of Paper' error message »en.wikipedia.org/wiki/ILoo

»www.dailytech.com/Hacker ··· 161c.htm

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

2 recommendations

Blackbird

Premium Member

This is the part I really love (from the dailytech site):
quote:
"... Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur," said David Knight, general manager of Proofpoint's information security division. (BB bolding and underlining)
An infection can check in, but the appliance owner can't make it check out. So...
Virus removal technique #1 for Inet-connected refrigerator: send it to the landfill.
Virus removal technique #2 for Inet-connected refrigerator: there is no #2... see #1.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game

Premium Member

PMSL could just keep them on ice and try shock treatment.

garys_2k
Premium Member
join:2004-05-07
Farmington, MI

garys_2k to Blackbird

Premium Member

to Blackbird
I can't help but wonder if the users just kept them behind a half-way decent NAT router then this wouldn't happen.

I'd assume that the first point of failure was leaving the router with its default account name and password (and allowing it to be accessed from the WAN side). Of course, all the other things inside were likely left with the defaults, too.

Same old same old, I guess. Not being aware of the need to really learn how to use the fancy stuff you buy.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird

Premium Member

said by garys_2k:

I can't help but wonder if the users just kept them behind a half-way decent NAT router then this wouldn't happen.

I'd assume that the first point of failure was leaving the router with its default account name and password (and allowing it to be accessed from the WAN side). ...

From LG Internet Refrigerator:
quote:
The LG adverts on telly don't do it justice. ... It also has an inbuilt hard drive and modem, so that the appliance can be 'connected' by simply running a phone connection into it. ...
Which is precisely how most buyers will hook it up, along with all the rest of these similar "connected" appliances. The only exceptions will be the ones with WiFi-only links (like the "connected" toothbrush I encountered the other day in a CVS drug store display).
HarryH3
Premium Member
join:2005-02-21

3 recommendations

HarryH3 to garys_2k

Premium Member

to garys_2k
said by garys_2k:

Not being aware of the need to really learn how to use the fancy stuff you buy.

It's more a failure on the part of the manufacturers. Few people that purchase a new car give a ratz a$$ what OS the engine management computer runs, or how to reprogram it. They don't know the technical specifications for the camshaft either. The vast majority just want to be able to drive places in a car that doesn't break down. To them, a car is nothing more than a transportation appliance.

The general public is looking for (and expects!) that same ease of use and reliability from the tech stuff that they purchase. They are NOT interested in becoming IT experts, or managing routers and firewalls, nor should they need to, if their tech products were designed properly in the first place.

How often does your mechanic suggest that you should be changing your own brake pads? (Or, perhaps more appropriately, what if the brake pads were shipped in the trunk of the car, with the expectation that the purchaser should just "know" that they must install them BEFORE driving?)

Those with lots of technical know-how seem to assume that somehow, everyone on the planet has that same skill set. It just isn't so.

dumb fridge
@mycingular.net

dumb fridge to Blackbird

Anon

to Blackbird
I never thought I'd be thrilled that our fridge is so dumb that it occasionally freezes the lettuce.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird to HarryH3

Premium Member

to HarryH3
said by HarryH3:

said by garys_2k:

Not being aware of the need to really learn how to use the fancy stuff you buy.

It's more a failure on the part of the manufacturers. Few people that purchase a new car give a ratz a$$ what OS the engine management computer runs, or how to reprogram it. ...

The general public is looking for (and expects!) that same ease of use and reliability from the tech stuff that they purchase. They are NOT interested in becoming IT experts, or managing routers and firewalls, nor should they need to, if their tech products were designed properly in the first place.
...
Those with lots of technical know-how seem to assume that somehow, everyone on the planet has that same skill set. It just isn't so.

If you mess with fire, you'd better have at least a basic grasp of heat and flame - regardless of who sells you the matches. With anything, there rests an inherent responsibility upon each user to have a basic understanding of what he's doing and the risks/dangers involved (if any). That said, certainly manufacturers and salesmen also have a responsibility to inform their customers of the basic risks/dangers of their product, just as a clerk has responsibilities if a 6-year-old wants to buy matches from him. I strongly doubt that the makers or sellers of most "connected" appliances are doing anything in the realm of alerting customers to the risks/dangers of the unit being online... in fact, most computer dealers never even bring up the issue, unless it's to try to get an added sale for an AV package.

lolzkat
@sky.com

5 recommendations

lolzkat to DownTheShore

Anon

to DownTheShore

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger to Blackbird

MVM

to Blackbird
Once again the challenge of 'making it work' has completely omitted security, damn we are good at forgetting that lesson.

Naming of malware is going to get way better, given the type of devices infected, malware for your smart fridge, name it 'RancidMilk' virus, got malware on your smart toilet, call it the 'ReverseFlush' worm.

Oh the fun is going to be great.

Blake
DarkSithPro (banned)
join:2005-02-12
Tempe, AZ

DarkSithPro (banned) to Blackbird

Member

to Blackbird
LOL, why would you want your fridge connected to the internet? Oh shit, hackers just thawed out my steaks and froze my milk!

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

1 recommendation

Blackbird

Premium Member

said by DarkSithPro:

LOL, why would you want your fridge connected to the internet? Oh shit, hackers just thawed out my steaks and froze my milk!

From the LG writeup:
quote:
...Users can watch TV, listen to MP3 music, take and store digital photos, make a video phone call, use the fridge as a message board or surf the web. It also has VCR and DVD ports, a microphone and speakers. Information about food in the fridge can be stored and a map of the fridge allows the owner to keep an inventory of what foods are in each section and how long they have been there. Its biggest advantage will be its functionality as a food management system.
Hmm. I always thought you could tell all you needed about the age of food in the refrigerator by looking at it... if it's green but that's not what it was when you put it in, it's too old. As far as TV, I'm really not into sitting on a stool in the aisle-way in front of the fridge staring at a 14" screen. I really don't need a microphone... I can usually make myself heard across the kitchen without needing a bullhorn. As far as needing a map of the food that's in the fridge, I have eyes to do that... and if I can't see all that's in there, it's time to get rid of some stuff.
DarkSithPro (banned)
join:2005-02-12
Tempe, AZ

DarkSithPro (banned)

Member

I'm sorry, but the person, or persons who thought of these ridiculous ideas about pictures and mp3s from a fridge needs to take their head out of the freezer and let it thaw out. Who the hell wants their refrigerator to take pictures of them taking food out? MP3s from the fridge? What's next, Facebook chat about recipes from housewives for dinner time?

garys_2k
Premium Member
join:2004-05-07
Farmington, MI

garys_2k

Premium Member

Totally agree, that whole concept should've died in 2000 with the tech crash. Dumb and dumber.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to Blackbird

Premium Member

to Blackbird
Now they are hacking the VSAT Terminals..

»intelcrawler.com/about/press05
and moving rocks !

»www.dailymail.co.uk/scie ··· led.html
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to Blackbird

MVM

to Blackbird
said by DownTheShore:

I still can't figure out why people would want their kitchen appliances linked to their home networks.

Internet-enabled anything... ahh, the grand old vision is still alive and well... and refuses to die. *sighs*

Regards

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird to Name Game

Premium Member

to Name Game
said by Name Game:

Now they are hacking the VSAT Terminals..
»intelcrawler.com/about/press05 ...

And, if you look at that intelcrawler diagram, that ominous little cloud on the left labeled "Internet Public Network" is the source of the problem... they're tying a public network directly into their sensitive-data system. It's the worst, and most basic, violation of red-black security methodology: not fully isolating your equipment carrying sensitive traffic from equipment tied into a public-traffic network. It's the grand illusion of our era... that somehow we can let the entire world take a 24/7 digital whack at our portals into sensitive traffic paths and somehow manage to keep the bad guys out.

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger to DarkSithPro

MVM

to DarkSithPro
Sales, it's often about nothing other than sales and getting your money into my pocket so I got to come up with an idea and no matter how bogus it is, I need to convince you that it's a gotta-have feature so you dump your old working fridge, for one of these new internet enabled fridges. The really sad part about this is one day our kids will wonder how their parents ever survived without an internet connected fridge.

There are so many places that IoT makes sense, for resource usage optimization for example, that stupid reasons really shouldn't be needed to fuel IoT, but marketing never misses an opportunity to milk more money from their customers.

Blake
OZO
Premium Member
join:2003-01-17

1 recommendation

OZO to goalieskates

Premium Member

to goalieskates
said by goalieskates:

So who owned the botnet? Our friends from the NSA?

(joke - I hope)

I guess the same guys, who designed the notorious "Stuxnet" to promote a cyberwar...
daveinpoway
Premium Member
join:2006-07-03
Poway, CA

2 recommendations

daveinpoway to HarryH3

Premium Member

to HarryH3
Since the average person who will be buying one of these Internet-connected devices will be operating at or below the "toaster" level ("My PC is a toaster"), they will not have any concept of the security implications. Basically, if a device needs a firewall to keep it secure, this needs to be built into the device itself. Since the data throughput requirements are not very stringent (who cares if a fridge takes an extra 10 minutes to make a report?), the firewall can be based on a low-cost Atom or ARM chip.

Some people I know are so lax about security that it is truly scary. One guy never updates Windows XP (and he has blocked Microsoft from updating it). When I tried to tell him that this is stupid, he said that "he has Norton, so he doesn't need anything else". Another guy doesn't know how to set a wireless password, so he runs his wireless network wide-open, with no authentication whatsoever. Are people like this going to secure their "smart" appliances? Highly unlikely.