When Fridgebots Attack: suppliers must be alert to Smart appliance malware risk

As leading appliance brands such LG, Panasonic and Siemens continue to unveil and demonstrate connected homes, where appliances communicate with each over internet networks, an American security company has issued a prescient warning of the dangers that may arise from Smart appliances.

Proofpoint, a publicly traded security as a service company based in California, revealed last week that an internet refrigerator had been compromised by cybercriminals and used to send malicious emails in a global attack that included 100,000 connected devices.

Click here to sign up for our free daily newsletter

While the dangers of viruses and malware on computers and smartphones are well documented, this is believed to be the first time that a Smart appliance had been used in such a co-ordinated attack.

“Just as personal computers can be unknowingly compromised to form robot-like ‘botnets’ that can be used to launch large-scale cyber attacks, Proofpoint’s findings reveal that cyber criminals have begun to commandeer home routers, smart appliances and other components of the Internet of Things and transform them into ‘thingbots’ to carry out the same type of malicious activity,” said a Proofpoint spokesperson.

The Internet of Things is a growing phenomenon and was very buzzy at the 2014 International CES earlier this month. The term refers to objects in a defined space that are connected together, either via cables or wirelessly. For example, an Internet of Things in the home could be a washer and dryer that can be controlled via a PC through the internet router, or a refrigerator that can push menus to an oven.

The attack Proofpoint identified happened between 23 December 2013 and 6 January 2014, involving “waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting enterprises and individuals worldwide”.

Since LG’s much-hyped but ultimately unsuccessful internet fridge launch in the early 2000s, various manufacturers have experimented with various connected appliance configurations and ideas.

Hoover launched an iPad-controlled oven at Eurocucina in 2012, LG has an air conditioner that is regulated via a smartphone app and Crock-Pot last week unveiled the first mainstream Smart small appliance.

Other concepts that have been floated included a refrigerator that can analyse its contents, suggest meals, and then push the recipe to the oven; and laundry appliances that can be monitored and controlled via Smart TVs.

At the IFA conference in Berlin in September 2013, Siemens outlined how important it believes connected appliances will be in the near future:

“Due to the smartphone and tablet revolution of the past few years, the demand for complete networking, the highest operating comfort and modern design has grown enormously,” the company said.

While the previous attempts at connected appliances have fallen flat and are largely considered either novelty or too complex, the next batch of networked models are expected to be a function of consumer demand, rather than suppliers grandstanding.

“The networked home is no longer just a vision,” Siemens continued. “It is firmly anchored in the expectations of the younger generation. With high-resolution displays and a sophisticated operating dialog, the Siemens design is already facilitating communication between humans and machines.

Panasonic is another Tier 1 supplier with a bold vision for connected appliances. In the Japanese company’s case, the Cloud and voice control was central to the prototype Internet of Things it showcased in Berlin.

“We will use cloud technology to make home appliances easier to use,” said Panasonic Europe chairman and CEO Laurent Abadie. “Users will be able to control appliances with gesture and voice controls, and the appliance will intuitively understand what they mean.

“Appliances will be able to understand various languages and will remember past controls to become better at understanding commands.”

While major manufacturers invest more and more research and development funds into Smart appliance concepts, it is also becoming much easier for smaller companies and OEM sourcing agents to add connectivity as a feature to new products.

The aforementioned Smart slow cooker by Crock-Pot is one example of a brand using Belkin’s inchoate WeMo technology to essentially hitch internet connectivity onto a product. Another example from the CES was a Smart LED lightbulb which, though WeMo connects to an internet router and can then switched on or off from a smartphone, tablet or PC.

It won’t be long, experts say, until we see coffee machines, robot vacuums, microwaves and other small appliances using WeMo or similar technology to connect to an Internet of Things in the home for remote control and networked functionality.

So close is this super-intelligent, science fiction inspired future to becoming a reality, Google has made its beachhead acquisition into this realm, purchasing Nest, an American supplier of Smart thermostats and networked smoke detectors, for $3.5 billion.

Google already has its own desktop and mobile operating systems, owns manufacturer Motorola and has close ties to LG Electronics, having partnered on the successful Nexus smartphones. It’s not hard to envisage a home comprising appliances, sensors, utilities and, of course, computers and tablets, all controlled via a Google smartphone running Google software or even third party applications, purchased from Google Play, that import new functionality to a previously traditional product.

The news, therefore, that the cyber criminals are already targeting our appliances, which are “poorly protected at best”, according to David Knight, GM of Proofpoint, should prove troubling for these various suppliers. Making it even scarier for users, Knight says “consumers have virtually no way to detect or fix infections when they do occur”.

There’s an old joke that prank callers ask — ‘is your fridge running? Well then you better go catch it’ — it could be that before too long, your fridge isn’t running down the street but running a malware operation right out of your kitchen.

Featured Image: Hoover’s user interface for its connected appliances, called ‘Candy’.

Leave a Reply

Your email address will not be published. Required fields are marked *