Can TVs and refrigerators really spew botnet spam?

Proofpoint says it's very possible; Symantec says not so much

By , Network World
January 27, 2014 11:47 AM ET

Network World - Refrigerators might hold spam to keep it cold in the meat bin. But in the Internet of Things world, can fridges connected to the Web blast malicious e-mail as part of a botnet? And how about TVs or other smart devices? In the stranger side of the Internet of Things, Proofpoint said it uncovered a cyberattack in which compromised refrigerators and TVs sent out malicious e-mail. But Symantec says it saw no evidence of such an attack.

The phrase “Internet of Things” describes how a variety of household or industrial devices can be connected to the Internet for remote management. Proofpoint “has uncovered what may be the first proven Internet of Things-based cyberattack involving conventional household ‘smart’ appliances,” the security firm declared about a week ago. It was described as “a global attack campaign involving more than 750,000 malicious e-mail communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refrigerator that has been compromised and used as a platform to launch attacks.”

But another security firm, Symantec, is debunking this, saying it sees no evidence of this.

“We monitor traffic very extensively on the Internet and we believe we’d see that happening,” says Liam O’Murchu, manager of security response operations at Symantec. “We’d never seen that happening before.” Symantec thinks Proofpoint may have erred in some of its analysis.

A modern refrigerator could have an IP address that might support a function such as testing temperature, but it would send out spam, says O’Murchu. Symantec believes that what Proofpoint likely observed was home-based routers doing network-address translation (NAT) and port forwarding in a configuration where it was actually the compromised home computer generating the spam.

But Proofpoint says it’s sticking with its analysis that “cyber-criminals have begun to commandeer home routers, smart appliances and other components of the Internet of Things and transform them into ‘thingbots’ to carry out the same type of malicious activity.”

However, when asked to name the models of the TVs and refrigerators thought to be sending out spam, Proofpoint responded it’s “not revealing the brand names of the compromised IoT devices.”

Kevin Epstein, Proofpoint’s vice president of information security, says he can’t comment on what Symantec might or might not be seeing, but “we can confirm that we observed IoT devices sending spam.”

Proofpoint is “well-aware of the port-forwarding behavior of these devices that Symantec and others have mentioned,” Epstein commented. “We then checked interface stats and uncovered evidence that the email messages had been proxied via the WAN interface, and didn’t originate from the internal NATted segment.”
