Years ago during the early stages of the civil war in Bosnia I wrote a column (in actual newsprint no less) about how the combatants were launching refrigerators laden with explosives at each other.
At the time I joked that this was probably due to their need to get rid of the toxic leftovers that seem to accumulate over time. In any case, I figured that would be the end of any possible refrigerator jokes because, seriously, how often does an opportunity like that come around?
Well… it turns out… at least twice in a lifetime, on the heels of this little nugget from Fox News aptly titled "Hackers Use Refrigerator in Cyber Attack", which on the face of it is extremely funny. The content, however, is not so much, as it illustrates a growing threat vector in hacker space: embedded operating systems in everyday devices.
The stories have been trickling out for the last year about vulnerabilities found in internet-connected TVs, but I am going out on a limb here to say that this is the first we have heard of an exposure found in a refrigerator.
When one thinks about it, shows like the Consumer Electronics Show in Las Vegas are geared almost entirely around premiering all sorts of devices used in the home that now have some sort of internet connectivity.
Each of these devices uses some sort of combination of an embedded operating system and Java to run its display/touch screen, connect to the internet (to tell you that your supply of eggs is low) and store little bits of information, ostensibly to make our lives easier or to inform us when there is a problem.
The problem is, unlike more traditional computing devices, the manufacturers of these devices have no record of updating the operating systems or software on them. How often does one patch a refrigerator or television?
I work in the IT industry and know how hard it is to patch traditional computers on a regular basis, so I can imagine the answer to this one: even if manufacturers did release patches for their devices, would your ordinary Joe even think to apply them, or care to do so?
Several sessions of the 2013 Black Hat conference revolved around hacking embedded operating systems, so it's no surprise that the pirates out there are beginning to take advantage of the lax security measures to turn these devices into zombies.
Spam emails being sent by a refrigerator was probably the low-hanging fruit for them, but considering that appliance sales in 2012 hit a record $22.6 billion, that is a lot of potential devices for a pirate assembling a botnet for his nefarious purposes.
For every computer or two in a home there is probably a fridge, washer and dryer all waiting for their next orders from Skynet…