We are currently trialling our new-look independent.co.uk website - please send any feedback to beta@independent.co.uk


Could your fridge send you spam? Security researchers report 'internet of things' botnet

A report published last week claimed that a 100,000-strong botnet included 'at least one refrigerator', but do we need to worry about getting scammed by our kitchen appliances?

Could your fridge send you spam?

This is the claim from California-based security researchers Proofpoint, who announced in a recent report that they had discovered a new type of botnet that included “multi-media centers, televisions and at least one refrigerator.”

Proofpoint says that between 23 December, 2013 and 6 January, 2014, the 100,000-strong botnet sent out more than 750,000 “malicious email communications” with more than “25 per cent of the volume sent by things that were not conventional laptops, desktop computers or mobile devices.”

The news seems to exacerbate fears regarding the security of the ‘internet of things’: with more and more household devices able to connect to the internet, what’s to stop hackers compromising them just as they would your computer?

Proofpoint claim that their research raises "significant security implications for devices owners” and whilst it’s true that there are many problems regarding the safety of these gadgets, security experts are less than certain about the truth of this particular example.

Technology site Ars Technica has said that there’s “a significant lack of technical detail for a report with such an extraordinary finding”, noting that the researchers could have confused spam coming from a hacked fridge with  spam from a hacked computer on the same network.

They also point out that from the hacker’s point of view, compromising smart devices just doesn’t make much sense, especially as many of the devices tracked down by the researchers sent out just ten spam messages.

“The botnet reported by Proofpoint requires too much effort and not enough reward,” says Dan Goodin.

However, using smart devices to send spam is plausible and it might just be that in this particular example Proofpoint didn’t look too hard at their results, allowing them to keep that crucial claim that “at least one refrigerator” was involved and thus reap the media attention that followed.

For security-conscious consumers, there's probably more important things to worry about. Proofpoint's report noted that many of the devices were compromised because their default passwords had not been changed by users. For this reason it seems that we should should worry more about basic security practices, before getting worked up about kitchen appliances sending scams to our inbox.