Spamming fridges and remote hijackings - pitfalls of a digital world
Those security-risk scenarios may not be as far-fetched as you think. Indeed, a fridge has already been caught sending spam.
Security provider Thinkpoint said last month it had uncovered more than 750,000 malicious emails from more than 100,000 everyday consumer gadgets such as home-networking routers, multi-media centres, televisions, and at least one refrigerator.
Just as hackers can take over personal computers, creating robot-like “botnets” to send spam or other emails, now they are compromising internet- connected objects, or “thingbots’ for the same ends.
“Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur,” said David Knight, general manager of Proofpoint’s information security division.
Rik Ferguson, vice president in charge of security research for Japan- headquartered Trend Micro, said more ominous threats are emerging as more and more everyday objects are connected online and to smartphones, a phenomenon known as the “Internet of Things”.
“Things like connected cars bring the risk of physical damage to persons and property in an attack,” Ferguson said. “If you can get in through the entertainment system for example, and work your way through the rest of the car if it has not been adequately secured and disable the brakes, then you are going to cause all kinds of damage.”
Equally, a hacker could target a traffic control system, he said.
Last year, a security consultant claimed he could even hijack a passenger plane using a smartphone Android application, Ferguson noted.
The US Federal Aviation Administration manufacturer quickly denied such a vulnerability actually existed. Even if such spectacular attacks are not an immediate threat, our vulnerability is growing as the internet spreads its reach yet deeper into our lives, said Vicente Diaz, senior malware analyst at online security group Kaspersky Lab.
More devices mean more opportunities for infiltration, he said. “That could lead to cross-device infections, but more worrisome is the potential lack of security software and security updates in such devices.”
Security researchers had already demonstrated, for example, that a car could be hacked and used remotely just by sending an SMS text message, he said.
Just using a smartphone application can leak reams of personal information if the device has already been compromised, Diaz said.
The Guardian last month published documents it said were from US intelligence leaker Edward Snowden indicating that US and British spies had been developing ways to use data from smartphone apps such as smash-hit game Angry Birds.
“Apps such as Angry Birds ask for many permissions, geolocation being an example for some versions. This data is transmitted back home, and is undoubtably juicy for any mass-surveillance operation,” Diaz said.
Rovio, the developer of Angry Birds, stressed it does not share data, collaborate or collude with any government spy agencies.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
