Did Your Toaster Just Spam Me?

I was watching television recently when I saw an awesome AT&T commercial that summed up the greatness that is technology. Take a look.

The dad literally turned off all the appliances and locked the door with a press of a button on his smartphone. Mind… Blown… I’m not easily impressed, but after seeing this I had to know more. How could all of these different things be turned off remotely with one app? Are they connected to the internet? What did I just see?

After some research, I found out that everything in that mind-blowing commercial will probably be common in about seven years. Household appliances like toasters, refrigerators, ovens, and coffee pots are being enabled to communicate with each other and with your applications — technology referred to as IoT, or the Internet of Things. We know about smart TVs, but say hello to smart thermostats. These devices have the ability to connect wirelessly via router signals, and some can even connect to the internet on their own. Not only that, but these appliances are able to connect, control, and share resources over different operating systems. This is so cool that even Google wants a piece of the action — which explains their $3.2 billion purchase of Nest, creator of smart thermostats and smoke alarms.

Last year 10 billion of these devices were connected to the internet, and there are estimates that up to 212 billion devices will be connected by 2020. The Internet of Things is slated to be an $8.9 trillion market by 2020, and will include many more things than just household devices. State, local, and federal governments are preparing to expand on these kinds of technologies and use them to create entire smart cities, as well as tech-supported infrastructure and energy sources such as wind turbines. These will all fall under the category of IoT and therefore could have some of the same vulnerabilities.

Proofpoint, a new tech security firm, has found evidence that smart appliances have the ability to be cyberattacked. In a study conducted from December 23, 2013 to January 6, 2014, Proofpoint found that more than 100,000 common appliances like multimedia centers, TVs, routers, and refrigerators were able to send 750,000 malicious emails in bursts of 100,000, three times a day. While some people may not be frightened by the prospect of their toaster sending out spam, we should note that this implies a bigger problem.

Proofpoint was not the first entity to point out these security issues, as there have been reports dating back to 2009 of concerns with the ability to hack routers. However, Proofpoint is the first to show supporting evidence that these security breaches can, will, and have happened to appliances. So what is happening? First, these devices are mass produced without much antivirus software to protect against security breaches. Because the devices have internet connectivity, hackers are able to exploit some of the known software vulnerabilities of the devices and apps that are used to control them. By exploiting these vulnerabilities, these devices become spam-sending machines capable of conducting denial of service attacks used to steal usernames and passwords. Another problem is that hackers may gain the ability to control the functions of the devices. What’s even more frightening is that many consumers won’t even know their networks and devices have been compromised.

The reason these vulnerabilities have not been dealt with is the lack of security standards for these gadgets. Not only have companies not produced universal security standards, there has been no government intervention to set security standards. With technology changing so rapidly, government officials have not been able to keep up with the changes and pass laws accordingly. Until such time as these standards are created, either by companies or by the government, we’re on our own folks.

On the bright side, I’m sure companies don’t want their products to be responsible for spreading viruses and spamming people. For that reason, I believe companies will develop more robust antivirus software as smart appliances become more common. However, if you already have one of these devices, you may want to take some precautions to protect them. Some suggestions are to screen your internet connections and bar devices that aren’t email servers from being able to send email. Another suggestion is to encrypt your devices. While my mind is still completely blown by the commercial I saw, I think that’s where I’ll let my interest pique…for now.

—

Teerah Goodrum (@AisleNotes), is a graduate student at Howard University with a concentration in Public Administration and Public Policy.  Her time on Capitol Hill as a Science and Technology Legislative Assistant has given her insight into the tech community.  In her spare time she enjoys visiting her favorite city, Seattle, and playing fantasy football!

Featured image courtesy of [James Nash via Flickr]

Teerah Goodrum

Teerah Goodrum is a Graduate of Howard University with a Masters degree in Public Administration and Public Policy. Her time on Capitol Hill as a Science and Technology Legislative Assistant has given her insight into the tech community. In her spare time she enjoys visiting her favorite city, Seattle, and playing fantasy football. Contact Teerah at staff@LawStreetMedia.com.