
Cyber attack that sent 750k malicious emails traced to hacked refrigerator - digisth
http://www.theage.com.au/it-pro/security-it/cyber-attack-that-sent-750k-malicious-emails-traced-to-hacked-refrigerator-tvs-and-home-routers-20140120-hv96q.html
======
jordan0day
Show this headline to 1994 me, and he'd be wondering what kind of strange
cyberpunk world we're all living in now.

2014 me sees this headline and thinks "Well duh. Of course the refrigerator
got pwned."

~~~
rfnslyr
Recently started thinking about everything I use, say, and do in my life in
the context of the past.

 _A Jamaican bobsled team raised $25,000 via Dogecoin, a crypto-currency,
based on a combination of bitcoin, the popular digital money, and Doge, the
internet meme that superimposes broken English written in Comic Sans onto
pictures of Shiba Inu dogs._

This is the future.

~~~
moocowduckquack
Is only just getting started. Is stuff like that that makes me sort of feel
sorry for the surveillance guys. We only have to enjoy the culture, they have
to try and make sense of it.

~~~
sliverstorm
_thank God, I'm only watching the game, controlling it_

------
hawkharris
My girlfriend yelled at me today when the last chocolate pudding went missing.
I calmly explained to her that fridge-oriented cyber-attacks are becoming more
and more sophisticated.

~~~
invalidOrTaken
I laughed at this, out loud, for about a minute straight.

------
beat
"Honey, there's spam in the fridge again!"

------
Bud
This is why we don't need "smart" appliances. We need, by and large,
appliances that are as dumb as a post, unless there is some compelling reason
for them to be smart. Especially televisions. I want my TV to be "smart" like
I want my Internet pipe to be smart, which is to say, not at all.

~~~
Karunamon
Security implications of technology are never a valid argument against
furthering technology. Otherwise we wouldn't have the internet ;)

I'd love to have a fridge that could tell me its contents and give me a
shopping list based on what I've recently cooked and what I have on hand and
what's about ready to expire.

~~~
eurleif
>Security implications of technology are never a valid argument against furthering technology.

 _Never_? So you would accept an Internet-connected pacemaker without a second
thought? There are clearly tradeoffs. Saying security should never overrule
advancement seems a little extreme.

~~~
Karunamon
Security is just another branch of technology. I'd see nothing wrong with a
pacemaker being IP-connected (though the logistics of how you'd do that escape
me) as long as the remote side used proper authentication, multifactor, etc.

~~~
sliverstorm
But why _would_ you? An IP-addressable pacemaker serves what purpose, exactly?

Two-factor or not, you are introducing risk, complexity, and power consumption
for what?

~~~
aestra
[http://www.nytimes.com/2008/03/12/business/12heart-web.html?...](http://www.nytimes.com/2008/03/12/business/12heart-web.html?_r=1&)

It says right there there are already Internet connected pacemakers.

>But device makers have begun designing them to connect to the Internet, which allows doctors to monitor patients from remote locations.

What's the benefit of wireless communication on pacemakers? Oh I don't know,
how about having the ability to make a minor adjustment without having to go
through a major surgery.

------
csense
Anything network-connected will probably eventually have some vulnerability
discovered when it's out in the wild.

There's a business opportunity here: Anyone who makes a hardware device can
pay a fee. In return they get to apply your company's branding to the
hardware. They must submit their source code to you in escrow and provide you
the keys to a remote update mechanism.

You promise to only look at their source code if there's a security flaw
in their device and they're unresponsive.

This way consumers still have some protection against insecure devices even
when a manufacturer goes out of business or stops supporting a product line.
You might want to include an expiration date on the branding ("Protected by
SecureDevice until January 2018") to keep yourself from the unsustainable
situation of providing unbounded support for a finite fee.

I was going to call this a "startup opportunity," but I think it'd work best
for a company who's already convinced lots of vendors to pay a fee for a
hardware certification (e.g. someone who certifies compliance with key
standards, or an OS vendor like Microsoft / Apple)

------
skybrian
Some are skeptical: [http://arstechnica.com/security/2014/01/is-your-refrigerator...](http://arstechnica.com/security/2014/01/is-your-refrigerator-really-part-of-a-massive-spam-sending-botnet/)

------
dguido
Is there any real information about this? All I've seen is a press release
with more marketing info than details.

------
herbig
So it wasn't fully traced then?

This is mostly just a Proofpoint advertisement.

------
bpicolo
Good job with the misleading HN title.

~~~
digisth
There's an 80 character title limit on HN.

~~~
bpicolo
Then reword it to fit. As is, it's not even close to accurate.

~~~
jdmichal
HN mods also enforce titles being the same as the original to reduce
sensationalism and editorializing. Even if OP did reword it to fit, a mod
would just change it back.

------
001sky
It's only a matter of time until we have self-driving refrigerators /NBd

------
chris_wot
When the salesman said my fridge could "handle spam", he wasn't kidding!

------
ep103
Alright, now where's the Snowden leak describing how the NSA is tracking my
meals?

~~~
SimHacker
When Ted Selker was at the MIT Media Lab, he directed an augmented reality
smart kitchen project called "Counter Intelligence".
[http://web.media.mit.edu/~selker/](http://web.media.mit.edu/~selker/)
[http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=87D...](http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=87D98335CC767EED29EE1EBFB810682F?doi=10.1.1.88.2875&rep=rep1&type=pdf)

"ABSTRACT: The kitchen is a complex and dangerous multi-user work environment
that can benefit from augmented reality techniques to help people cook more
safely, easily and efficiently. We present Counter Intelligence, a
conventional kitchen augmented with the projection of information onto its
objects and surfaces to orient users, coordinate between multiple tasks and
increase confidence in the system. Five discrete systems gather information
from the kitchen and display information in an intuitive manner with special
consideration for directing the user’s attention. This paper presents the
design of these systems and results of initial evaluations."

------
beat
Well, it makes sense. Many/most of these appliance devices are running Linux,
because it's easy. Root one, install what you want, and because they're all
identical it's easy to find and root many of them.

------
ChrisNorstrom
"HealthCare.gov taken down by virus infected Coffee Maker"

"Chinese Malware Infected Elmo takes down New York Power Grid"

"6 million spam gmail accounts linked back to internet connected 'smart
pencil'"

"Northern Deep Freeze caused by hacked Nest Thermostats"

"Surge Protector accidentally leaks Confidential White House Emails"

