[ad name=”AmazonComputerAndInternet”]

A few days ago, Proofpoint, an American company that offers a variety of Internet related services including some related to security, revealed that it discovered what may be the first cyberattack carried out by exploiting the so-called Internet of Things. According to Proofpoint, over 750,000 phishing and spam e-mails were sent not by normal computers but by smart appliances such as TV-sets and refrigerators.

For years, criminal organizations have been a plague on the Internet because they develop a number of types of malware to infect computers. One of the malware types doesn’t damage the infected system but it turns it into a zombie, which is a computer that can be used for cyber attacks or to send thousands of spam and phishing e-mails around the world. A botnet consisting of thousands of zombies can send millions of e-mails.

In recent years, more and more devices are turning into computers and among them there are some household appliances. CRT TV-sets were simple devices for the reception of TV channels so you chose them based on their size and characteristics such as the number of Scart sockets. Today more and more models are equipped with their own operating system, typically based on Linux, and can be connected to the Internet.

This can be very useful but it can expose you to potential attacks. Linux is also known for its security but if the operating environment built on it and the software used has some vulnerabilities the system can be compromised. It’s as if the house had a foundation built according to the strictest antiseismic standards but then the rest of the building was made of sand.

In fact, Proofpoint’s claims don’t seem supported by technical very accurate elements. On the contrary, the company provided no details that can make us understand how the experts determined that the analyzed e-mails really came from TV-sets and refrigerators.

Today, a home network can be composed of a number of devices and the owners of smart appliances are typically the ones who also own various computers, smartphones and tablets. Proofpoint speaks generically of a “thingbot”, meaning a botnet composed of these appliances but without providing information on the alleged malware that affected them.

This story could be greatly exaggerated but also reveals a real vulnerability. At the moment, a thingbot may not exist but in the coming years, with the growth of the Internet of things, can we expect cyber attacks to the new devices. The manufacturers of smart-TVs typically also produce computers so they have the necessary know-how to take care of their security, also updating their operating system. Can we say the same thing about refrigerator producers? And what about cars, which are more and more often equipped with computers?

Users are also all too often unprepared to handle the security of their computers. For example, many people use very easy to guess password to access to their network or to their computers. With the adoption of other equipment, the dangers will multiply with additional risk of being spied on, of being robbed or being involved in illegal activities.