Welcome!

SOA & WOA Authors: Mark O'Neill, Elizabeth White, Trevor Parsons, Lori MacVittie, Gigaom Research

Related Topics: IoT Expo, SOA & WOA, Virtualization, Web 2.0, Cloud Expo, Security

IoT Expo: Blog Feed Post

The Icebox Cometh

Will the Internet of Things turn homes into a House of Cards?

Our homes are being invaded…but not with critters that you’d call an exterminator for.  Last summer I wrote Hackable Homes about the potential risks of smart homes, smart cars and vulnerabilities of just about any-’thing’ connected to the internet.  (I know, everyone loves a bragger)  Many of the many 2014 predictions included the internet of things as a breakthrough technology? (trend?) for the coming year.  Just a couple weeks ago, famed security expert Bruce Schneier wrote about how the IoT (yes, it already has it’s own 3 letter acronym) is wildly insecure and often unpatchable in this Wired article.  And Google just bought Nest Labs, a home automation company that builds sensor-driven, WiFi enabled thermostats and smoke detectors.

So when will the first refrigerator botnet launch?  It already has.

Last week, Internet security firm Proofpoint said the bad guys have already hijacked up to 100,000 devices in the Internet of Things and used them to launch malware attacks.  The first cyber attack using the Internet of Things, particularly home appliance botnets.  This attack included everything from routers to smart televisions to at least one refrigerator.  Yes, The Icebox!  As criminals have now uncovered, the IoT might be a whole lot easier to infiltrate than typical PCs, laptops or tablets.

During the attack, there were a series of malicious emails sent in 100,000 lots about 3 times a day from December 23 through January 6.  they found that over 25% of the volume was sent by things that were not conventional laptops, desktops or mobile devices.  Instead, the emails were sent by everyday consumer gadgets such as compromised home-networking routers, connected multi-media centers, televisions and that one refrigerator.  These devices were openly available primarily due to the fact that they still had default passwords in place.

If people don’t update their home router passwords or even update the software, how are they going to do it for the 50+ (give or take) appliances they have in their home?  Heck, some people have difficulty setting the auto-brew start time for the coffee pot, can you imagine the conversations in the future?  ‘What’s the toaster’s password?  I need to change the bagel setting!‘  Or  ‘Oh no!  Overnight a hacker replaced my fine Kona blend with some decaf tea!‘  Come on. Play along!  I know you got one you just want to blurt out!

I understand this is where our society/technology/lives are going and I really like the ability to see home security cameras over the internet but part of me feels, is it really necessary to have my fridge, toaster, blender and toilet connected to the internet?  Maybe the fridge alerts you when something buried in back is molding.  I partially get the thermostats and smart energy things but I can currently program my thermostat for temperature adjustments without an internet connection.  I push a few buttons and done. Plus I don’t have to worry about someone firing up my furnace in the middle of July.

We have multiple locks on our doors, alarm systems for our dwellings, security cameras for our perimeter, dogs under the roof and weapons ready yet none of that will matter if the digital locks for our ‘things’ are made of dumpling dough.  Speaking of dumplings, the smart-steamer just texted me with a link to see the live feed of the dim sum cooking – from inside the pot!

My mind just texted my tummy to get ready.

ps

Related:

 

Read the original blog entry...

More Stories By Peter Silva

Peter Silva covers security for F5’s Technical Marketing Team. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

Now having his Telco background he moved to Verio to focus on access, IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicago land area working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Bringing the slightly theatrical and fairly technical together, he covers training, writing, speaking, along with overall product evangelism for F5’s security line. He's also produced over 200 F5 videos and recorded over 50 audio whitepapers. Prior to joining F5, he was the Business Development Manager with Pacific Wireless Communications. He’s also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others. He earned his B.S. from Marquette University, and is a certified instructor in the Wisconsin System of Vocational, Technical & Adult Education.