Refrigerators might hold spam to keep it cold in the meat bin. But in the Internet of Things world, can fridges connected to the Web blast malicious e-mail as part of a botnet? And how about TVs or other smart devices? In the stranger side of the Internet of Things, Proofpoint said it uncovered a cyberattack in which compromised refrigerators and TVs sent out malicious e-mail. But Symantec, says it saw no evidence of such an attack.
The phrase “Internet of Things” describes how a variety of household or industrial devices can be connected to the Internet for remote management. Proofpoint “has uncovered what may be the first proven Internet of Things-based cyberattack involving conventional household ‘smart’ appliances,” the security firm declared about a week ago. It was described as “a global attack campaign involving more than 750,000 malicious e-mail communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refrigerator that has been compromised and used as a platform to launch attacks.”
But another security firm, Symantec, is debunking this, saying it sees no evidence of this.
+More on Network World: 21 more crazy and scary things the TSA has found on travelers | Verizon rolls out certificate services for the ‘Internet of Things’ | What to expect of the Internet of Things in 2014 +
“We monitor traffic very extensively on the Internet and we believe we’d see that happening,” says Liam O’Murchu, manager of security response operations at Symantec. “We’d never seen that happening before.” Symantec thinks Proofpoint may have erred in some of its analysis.
A modern refrigerator could have an IP address that might support a function such as testing temperature, but it would send out spam, says O’Murchu. Symantec believes that what Proofpoint likely observed was home-based routers doing network-address translation (NAT) and port forwarding in a configuration where it was actually the compromised home computer generating the spam.
We monitor traffic very extensively on the Internet and we believe we’d see that happening.
— Liam O'Murchu, manager of security response operations at Symantec
But Proofpoint says it’s sticking with its analysis that “cyber-criminals have begun to commandeer home routers, smart appliances and other components of the Internet of Things and transform them into ‘thingbots’ to carry out the same type of malicious activity.”
However, when asked to name the models of the TVs and refrigerators thought to be sending out spam, Proofpoint responded it’s “not revealing the brand names of the compromised IoT devices.”
Kevin Epstein, Proofpoint’s vice president of information security, says he can’t comment on what Symantec might or might not be seeing, but “we can confirm that we observed IoT devices sending spam.”
Proofpoint is “well-aware of the port-forwarding behavior of these devices that Symantec and others have mentioned,” Epstein commented. “We then checked interface stats and uncovered evidence that the email messages had been proxied via the WAN interface, and didn’t originate from the internal NATted segment.”
Epstein concluded: “In short, we verified that these devices were configured to act as e-mail proxies, and we collected evidence that indicated active e-mail proxying was occurring.” Proofpoint says it’s “confident about what it observed.”
But Symantec remains skeptical that refrigerators and TVs have become part of some cyber-criminal botnet empire. But Symantec adds that doesn’t mean it doesn’t think there are security issues associated with the IoT.
Symantec notes that it has discovered worms that infect Linux-based IoT devices such as routers, cameras and entertainment systems. One of them, called Linux.Darlioz, is “interesting because it’s involved in a worm war with another threat known as Linux.Aidra. Darlioz checks if a device is infected with Aidra and if found, removes it from the device.”
Symantec adds, “This is the first time we’ve seen worm writers fight an IoT turf war and is reminiscent of the 2004 worm wars. Considering these devices have limited processing and memory, we’d expect to see similar turf battles in the future. While malware for IoT things is still in its infancy, IoT devices are subject to a wide range of security concerns. So don’t be surprised if in the near future, your refrigerator actually does start sending spam.”
Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: firstname.lastname@example.org