New online menaces: from spamming fridges to hijackers

Feb 27, 2014 by David Williams
A visitor speaks on his phone in Barcelona on February 25, 2014, on the second day of the 2013 Mobile World Congress

It has to be annoying when your fridge sends spam without your knowledge, but how would you feel if a hacker with a smartphone disabled your car brakes or even remotely hijacked your plane?

Those security-risk scenarios may not be as far-fetched as you think.

Indeed, a fridge has already been caught sending spam.

Security provider Thinkpoint Inc. said last month it had uncovered more than 750,000 malicious emails from more than 100,000 everyday consumer gadgets such as home-networking routers, multi-media centres, televisions and at least one refrigerator.

Just as hackers can take over personal computers, creating robot-like "botnets" to send spam or other emails, now they are compromising Internet-connected objects, or "thingbots", for the same ends.

"Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur," said David Knight, general manager of Proofpoint's information security division.

Rik Ferguson, vice president in charge of security research for Japan-headquartered Trend Micro, said the most common mobile security threats now were viruses designed to make your phone send a premium-cost text message or even make a premium-cost call without your knowledge.

Next on the list is spyware, which collects personal information like an address book for malicious ends such as fraud or spam, extending in rare cases to taking video images or sound from an infected device.

But a new, potentially more ominous threat is emerging as more and more everyday objects are connected online and to smartphones, a phenomenon known as the "Internet of Things".

"Things like connected cars bring the risk of physical damage to persons and property in an attack," Ferguson said in the run-up to the February 24-27 World Mobile Congress in Barcelona, Spain.

Hacking a car by SMS

"If you can get in through the entertainment system for example, and work your way through the rest of the car if it has not been adequately secured and disable the brakes, then you are going to cause all kinds of damage."

Equally, a hacker could target a traffic control system, he said.

Last year, a security consultant claimed he could even hijack a passenger plane using a smartphone Android application, Ferguson noted.

The US Federal Aviation Administration quickly denied such a vulnerability actually existed.

Even if such spectacular attacks are not an immediate threat, our vulnerability is growing as the Internet spreads its reach yet deeper into our lives, said Vicente Diaz, senior malware analyst at online security group Kaspersky Lab.

More devices mean more opportunities for infiltration, he said.

"That could lead to cross-device infections, but more worrisome is the potential lack of security software and security updates in such devices," he said.

Security researchers had already demonstrated, for example, that a car could be hacked and used remotely just by sending an SMS text message, he said.

Consumers were sometimes responsible for unwittingly increasing their risks, Diaz warned.

Many people seemed to be happy to trade their privacy for free services, for example allowing free email or messaging applications access to personal data, he said.

Just using a smartphone application can leak reams of personal information if the device has already been compromised, Diaz said.

The Guardian newspaper last month published documents it said were from US intelligence leaker Edward Snowden indicating that US and British spies had been developing ways to use data from smartphone apps such as the smash-hit game Angry Birds.

"Apps such as Angry Birds ask for many permissions, geolocation being an example for some versions. This data is transmitted back home, and is undoubtably juicy for any mass-surveillance operation," Diaz said.

Finland-based Rovio, the developer of Angry Birds, has stressed that it does not share data, collaborate or collude with any government spy agencies.

"When talking about privacy, having more devices connected to the Internet sending information of ourselves does not sound like great news," Diaz warned.

"So if you are a user worried about your privacy, be careful in what you consciously share, what permissions your apps are requesting and what technologies better fit your needs."

User comments : 2

alfie_null
5 / 5 (1) Feb 27, 2014
Regarding the security of Internet things, it's not an intractable problem. If (when) spectacularly painful (e.g. loss of life) security incursions occur, we'll see action taken to solve the problem. If nothing else, regulatory oversight that no one wants.
kochevnik
5 / 5 (2) Feb 27, 2014
Crackers, not hackers