It’s nice to think that when you connect your fridge to the Internet of Things nobody is going to care how much milk you have, so why would anyone want to hack into it? Does anyone really care what you're watching on your smart TV?
Evidently there's a lot going on in your smart fridge than just chilling. It's no different from a computer when it comes to being compromised and used for cyber attacks. Security company Proofpoint discovered a large-scale attack in late December that “compromised home-networking routers, connected multi-media centers, televisions and at least one refrigerator,” sending out 750,000 spam emails from more than 100,000 devices.
It appears that owners of smart appliances and devices are open to attack if the router can be bypassed, and most people use really bad passwords. (I just changed mine!) Michael Osterman, principal analyst at Osterman Research, said in the news release:
“Internet-enabled devices represent an enormous threat because they are easy to penetrate, consumers have little incentive to make them more secure, the rapidly growing number of devices can send malicious content almost undetected, few vendors are taking steps to protect against this threat, and the existing security model simply won’t work to solve the problem.”
None of the devices used mutual authentication or enforced strong passwords. Even worse, some hindered the user from setting up a strong password on the cloud interface by restricting the authentication to a simple four-number PIN code.
I think the onus should be on the manufacturers to work this out before they sell this stuff. And they should stay out of my fridge.
Related on MNN and TreeHugger: