A recent web attack has compromised over 100,000 smart gadgets (such as kitchen appliances, media PC’s and smart TV sets) into sending out spam emails. The attack (uncovered by Proofpoint) is believed to be one of the first to exploit the lax security on devices that are part of the ‘internet of things.’
About 25% of the messages seen by Proofpoint researches didn’t pass through laptops, desktops or smartphones, however the malware managed to get itself installed on other smart devices. The onboard computer processors in these devices act as a self-contained web server to handle communication and other sophisticated functions.
David Knight (General Manager of Proofpoint’s Information Security Division) speculates that the malware that allowed spam to be sent from these devices was able to install itself because many of the gadgets were poorly configured or used default passwords that left them exposed. He added “many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur.”