It’s nice to think that when you connect your fridge to the Internet of Things nobody is going to care how much milk you have, so why would anyone want to hack into it? Does anyone really care what you're watching on your smart TV?

Evidently there's a lot going on in your smart fridge than just chilling. It's no different from a computer when it comes to being compromised and used for cyber attacks. Security company Proofpoint discovered a large-scale attack in late December that “compromised home-networking routers, connected multi-media centers, televisions and at least one refrigerator,” sending out 750,000 spam emails from more than 100,000 devices. 

It appears that owners of smart appliances and devices are open to attack if the router can be bypassed, and most people use really bad passwords. (I just changed mine!) Michael Osterman, principal analyst at Osterman Research, said in the news release:

 “Internet-enabled devices represent an enormous threat because they are easy to penetrate, consumers have little incentive to make them more secure, the rapidly growing number of devices can send malicious content almost undetected, few vendors are taking steps to protect against this threat, and the existing security model simply won’t work to solve the problem.”
Security company Symantec studied the issue and has released a fascinating report in which they note that many Internet-connected devices are accidents waiting to happen. Once an attacker has cracked the WiFi password (easy to do given how weak most passwords are), then the game is afoot.
None of the devices used mutual authentication or enforced strong passwords. Even worse, some hindered the user from setting up a strong password on the cloud interface by restricting the authentication to a simple four-number PIN code.
Their recommendations put a lot of onus on the owner and fly in the face of the plug-and-play marketing of Internet of Things devices, suggesting strong passwords, disabling devices when not in use (good luck getting smart TV owners to do that) and forget WiFi — use wired connections instead of wireless wherever possible. Oh, and have a separate home network for all those devices so that they cannot talk to your computer. Unfortunately all of these suggestions are so onerous and time-consuming that it's unlikely that anyone would do them. 

I think the onus should be on the manufacturers to work this out before they sell this stuff. And they should stay out of my fridge. 

Related on MNN and TreeHugger:

Lloyd Alter ( @lloydalter ) writes about smart (and dumb) tech with a side of design and a dash of boomer angst.

Is your smart home safe or has it become an evil botnet?
On the Internet of Things, your smart appliances can be taken over and used for evil purposes if you are not careful.