Refrigerators might hold spam to keep it cold in the meat bin. But in the Internet of Things world, can fridges connected to the Web blast malicious e-mail as part of a botnet? And how about TVs or other smart devices? In the stranger side of the Internet of Things, Proofpoint said it uncovered a cyberattack in which compromised refrigerators and TVs sent out malicious e-mail. But Symantec says it saw no evidence of such an attack.
The phrase "Internet of Things" describes how a variety of household or industrial devices can be connected to the Internet for remote management. Proofpoint "has uncovered what may be the first proven Internet of Things-based cyberattack involving conventional household 'smart' appliances," the security firm declared about a week ago. It was described as "a global attack campaign involving more than 750,000 malicious e-mail communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refrigerator that has been compromised and used as a platform to launch attacks."
But another security firm, Symantec, is debunking this claim, saying it sees no evidence of such an attack.
"We monitor traffic very extensively on the Internet and we believe we'd see that happening," says Liam O'Murchu, manager of security response operations at Symantec. "We'd never seen that happening before." Symantec thinks Proofpoint may have erred in some of its analysis.
A modern refrigerator could have an IP address that might support a function such as testing temperature, but it would not send out spam, says O'Murchu. Symantec believes that what Proofpoint likely observed was home-based routers doing network-address translation (NAT) and port forwarding in a configuration where it was actually the compromised home computer generating the spam.
But Proofpoint says it's sticking with its analysis that "cyber-criminals have begun to commandeer home routers, smart appliances and other components of the Internet of Things and transform them into 'thingbots' to carry out the same type of malicious activity."
However, when asked to name the models of the TVs and refrigerators thought to be sending out spam, Proofpoint responded it's "not revealing the brand names of the compromised IoT devices."
Kevin Epstein, Proofpoint's vice president of information security, says he can't comment on what Symantec might or might not be seeing, but "we can confirm that we observed IoT devices sending spam."
Proofpoint is "well-aware of the port-forwarding behavior of these devices that Symantec and others have mentioned," Epstein commented. "We then checked interface stats and uncovered evidence that the email messages had been proxied via the WAN interface, and didn't originate from the internal NATted segment."
Epstein concluded: "In short, we verified that these devices were configured to act as e-mail proxies, and we collected evidence that indicated active e-mail proxying was occurring." Proofpoint says it's "confident about what it observed." Symantec, however, remains skeptical that refrigerators and TVs have become part of some cyber-criminal botnet empire, though it adds that this doesn't mean it doesn't think there are security issues associated with the IoT.