Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Spam Networking Security Technology

The Spamming Refrigerator 90

puddingebola writes "The 'Internet of Things' is as susceptible to malware and spam as the rest of the net. From the article, 'A fridge has been discovered sending out spam after a web attack managed to compromise smart gadgets...The spam attack took place between 23 December 2013 and 6 January this year, said Proofpoint in a statement. In total, it said, about 750,000 messages were sent as part of the junk mail campaign. The emails were routed through the compromised gadgets. About 25% of the messages seen by Proofpoint researchers did not pass through laptops, desktops or smartphones, it said.' Read Proofpoint's statement here."
This discussion has been archived. No new comments can be posted.

The Spamming Refrigerator

Comments Filter:
  • by Anonymous Coward

    in the era of the 'Internet of things'.

    • by Anonymous Coward on Saturday January 18, 2014 @09:13AM (#45997933)

      I wish I could go back in time to 2005. I wish I could. I would warn the world about Ruby on Rails. I would warn the world about JavaScript. I would warn the world about the hipsters who come preaching those shitty, shitty "technologies". I would warn the world about the destruction these freaks would bring to our industry.

      Would anyone listen? I don't know. Intelligent people probably would. They can inherently sense the stupidity of hipsters, JavaScript and Ruby on Rails, even without seeing them in action. But even if nobody listened, at least I could sleep knowing that I tried my best; that I wasn't complacent.

      Hipsters and their web fanaticism has caused so much trouble. Website design is utter shit today (just look at the Slashdot beta website for proof of this). All sorts of devices are now "web-enabled" for no good reason at all, with disturbing consequences. Personal and private data harvesting is at an all-time high. Hipsters killed the GNOME desktop project with their half-assed GNOME 3 release.

      I wish I could say that I'm an old man, screaming at the kids to "get off my lawn". But I'm just in my 30s! The computing industry truly has been destroyed so quickly by these hipsters, it's quite unbelievable.

      I feel immense shame for not having noticed the hipster plague earlier. I feel self disappointment for not having spoken out sooner. It didn't have to come to this.

      • by Anonymous Coward

        Would I listen to a time traveller, who didn't kill Hitler? Don't think so.

        However I do agree with you. I wish the web belonged to the people whom created it, rather than the people who are currently abusing it.

        • by Bugamn ( 1769722 )
          How would you listen to a time traveller that killed Hitler? Either your timeline would be affected and you would have no idea about who is Hitler, or it wouldn't and you wouldn't believe him.
      • by Anonymous Coward

        I wish I could go back in time to 2005. I wish I could. I would warn the world about Ruby on Rails. I would warn the world about JavaScript. I would warn the world about the hipsters who come preaching those shitty, shitty "technologies". I would warn the world about the destruction these freaks would bring to our industry.

        Would anyone listen? I don't know. Intelligent people probably would. They can inherently sense the stupidity of hipsters, JavaScript and Ruby on Rails, even without seeing them in action. But even if nobody listened, at least I could sleep knowing that I tried my best; that I wasn't complacent.

        Hipsters and their web fanaticism has caused so much trouble. Website design is utter shit today (just look at the Slashdot beta website for proof of this). All sorts of devices are now "web-enabled" for no good reason at all, with disturbing consequences. Personal and private data harvesting is at an all-time high. Hipsters killed the GNOME desktop project with their half-assed GNOME 3 release.

        I wish I could say that I'm an old man, screaming at the kids to "get off my lawn". But I'm just in my 30s! The computing industry truly has been destroyed so quickly by these hipsters, it's quite unbelievable.

        I feel immense shame for not having noticed the hipster plague earlier. I feel self disappointment for not having spoken out sooner. It didn't have to come to this.

        Thanks for thoroughly drilling that word into my brain today, dipshitster.

      • I wish I could go back in time to 2005. I wish I could. I would warn the world about Ruby on Rails. I would warn the world about JavaScript. I would warn the world about the hipsters who come preaching those shitty, shitty "technologies". I would warn the world about the destruction these freaks would bring to our industry.

        Would anyone listen? I don't know. Intelligent people probably would. They can inherently sense the stupidity of hipsters, JavaScript and Ruby on Rails, even without seeing them in action. But even if nobody listened, at least I could sleep knowing that I tried my best; that I wasn't complacent.

        Hipsters and their web fanaticism has caused so much trouble. Website design is utter shit today (just look at the Slashdot beta website for proof of this). All sorts of devices are now "web-enabled" for no good reason at all, with disturbing consequences. Personal and private data harvesting is at an all-time high. Hipsters killed the GNOME desktop project with their half-assed GNOME 3 release.

        I wish I could say that I'm an old man, screaming at the kids to "get off my lawn". But I'm just in my 30s! The computing industry truly has been destroyed so quickly by these hipsters, it's quite unbelievable.

        I feel immense shame for not having noticed the hipster plague earlier. I feel self disappointment for not having spoken out sooner. It didn't have to come to this.

        You would have to go back to 1994 to predate javascript. Javascript is not related to "hipsters" as that term has only recently come to popularity.
        Nice troll, though. You got a lot of responses, and even a couple of mod points!

      • by ebvwfbw ( 864834 )

        ..., JavaScript and Ruby on Rails, even without seeing them in action. But even if nobody listened..

        We did, we did. I wouldn't allow Ruby on Rails on any of my machines. Even terminated a guy that ruby was all he knew. Javascript isn't nearly as evil as Java. There again we said it's evil. SUN pushed it as only SUN could. Microsoft tried to extend and make it crappy with their implementation to kill it. Didn't work either.

        Yet good stuff that should make it doesn't. NIH - Not Invented Here syndrome.

      • Could you say hipster a few more times?
    • by Anonymous Coward on Saturday January 18, 2014 @09:48AM (#45998103)

      The Shape of things to Come!

      I remember the good old days working on computers that were the size of a refrigerator. I guess what goes around comes around.

  • Fridge spam (Score:5, Funny)

    by Anonymous Coward on Saturday January 18, 2014 @08:40AM (#45997781)

    Spam from a refrigerator? That's COLD!

    • by flyneye ( 84093 )

      Spamming food coupons and Nigerian food scams.
      " We have a side of beef in cold storage and if you could just send condiments, we will send you a box of T-bones for your participation."

    • Re: (Score:3, Funny)

      by mattie_p ( 2512046 )
      Considering that I've never put spam into my fridge, it is indeed surprising to get spam from a fridge.
      • The can is clearly labeled 'refrigerate after opening' but you probably gobble down the whole can.

        I, personally, prefer WalMart's generic 'luncheon meat' to the real branded Spam. The WalMart stuff just tastes better.

        Steer far clear of the Kroeger 'spam' though. Yech.

        • The can is clearly labeled 'refrigerate after opening' but you probably gobble down the whole can.

          I, personally, prefer WalMart's generic 'luncheon meat' to the real branded Spam. The WalMart stuff just tastes better.

          Steer far clear of the Kroeger 'spam' though. Yech.

          You imply that I open a can of the stuff. I store the cans in the root cellar with the rest of my survival goods for the inevitable apocalypse.

    • by Guppy ( 12314 ) on Saturday January 18, 2014 @09:43AM (#45998071)

      Proofpoint Researcher: "Is your refrigerator running?"
      Fridge Owner: "Yes?"
      Proofpoint Researcher: "Well, you'd better go catch it!"

    • by Anonymous Coward

      How long for the malware on your Frigidaire spreads to your other GM products?

      News Headline: "Chevy Volt leading SPAMMER in America!"

      • Just last week I bought a Fridgidaire Dishwasher.

        It has a mechanical timing control, though. Spammers ain't gonna infect a shaded-pole synchronous motor...

    • by Lamps ( 2770487 )

      Cold, and not cool. A bit ironic...

  • So guys... (Score:5, Insightful)

    by Mashiki ( 184564 ) <mashiki@gmail.cBALDWINom minus author> on Saturday January 18, 2014 @08:42AM (#45997783) Homepage

    Still think that hooking everything up to the intertubes is a great idea? I can't wait to see what happens with all those home alarms systems that are getting hooked up this way as well.

    • by Anonymous Coward

      Still don't see why I need a refrigerator hooked up to the internet. If my food spoils while I'm hundreds of miles away I can do fuck all about it. I don't think we'll ever get to the point practically where we can inventory everything that goes into the fridge so that I know I'm running low on eggs or whatever.

      But yes, the hooking up of alarm systems to the net is going to be a boon for hacking. The smart-arsed kids will set off the alarm remotely. The criminals will remotely disable the alarm, or make the

      • Re:So guys... (Score:5, Informative)

        by mikael ( 484 ) on Saturday January 18, 2014 @09:08AM (#45997907)

        They were talking about this idea 18 years ago, in the mid 1990's. The idea was that all food packaging would have RFID tags with use-by-dates. The fridge could then send you emails telling you that various items were going to go off soon, or that you were going to run out of something. Then you could drive home from work and go to the nearest supermarket, or send the list would be sent automatically to a delivery company like Peapod, who would then do a delivery.
        It seemed a perfectly good idea for those with Hollywood sized kitchens with a freezer the size of a double bay garage, but for the rest of world who have little R2D2 sized fridges as part of energy efficiency programs, it really wasn't much use.

        Though, it took me by surprise when my neighbors TV set (Philips 8000 series) appeared in awifi scan. Apparently, these sets can do wifi mirroring (Miracast) where the screen output is sent to other media devices, and vice versa.

        • by Toe, The ( 545098 )

          Does seems like a bit of a disconnect that we're worried about the electronic security of our net-connected fridges when much of the world is more concerned with the existence of food, let alone what device it goes into let alone how well that device monitors the rfid chips of each bit of it.

          • by Anonymous Coward

            What a stupid comment.

            You are reading and writing this on Slashdot, a website dedicated to tech exotica. It is almost by definition a place intended for those who are assured of having regular meals and healthcare checks and literacy and owning multiple computers (e.g., news for /nerds/).

            Why are you surprised that "first world problems" would be discussed here?

            Should we only discuss "serious" problems like how to get fresh water or to keep the local warlord from raping our daughters until the third world ge

            • by Anonymous Coward

              You're right on the mark.

              Holy shit, it's unbelievable how hipsters have to bring their ultra-politically-correct shenanigans into EACH AND EVERY discussion, no matter how unrelated they are.

              It's not the First World's fault if Third Worlders continue to live in shitholes. It's not First Worlders to blame for Third Worlders not making even the slightest effort to improve their situations. It's not the fault of the First Worlders if Third Worlders continue to shit out one child after another, even when it's cl

              • Well, that's a rather harsh commentary, which is probably why you both hide behind AC. I said, "Does seems like a bit of a disconnect..." I am not exactly advancing a political agenda.

                There is no limit to the number of posts a slashdot conversation can permit. So why do you get so upset when I politely and mildly mention one aspect of an issue. Do I somehow diminish the quantity of other comments?

                Chill. And expand your mind. A little meta-analysis never hurt a conversation.

            • What a stupid comment.

              You are reading and writing this on Slashdot, a website dedicated to tech exotica. It is almost by definition a place intended for those who are assured of having regular meals and healthcare checks and literacy and owning multiple computers (e.g., news for /nerds/).

              Why are you surprised that "first world problems" would be discussed here?

              Should we only discuss "serious" problems like how to get fresh water or to keep the local warlord from raping our daughters until the third world gets its act together? Should we completely ignore the implications of these "first world problems" until that mythical time when all the world is brought up to our level? Why bother having a site like Slashdot in that case?

              A lot of people don't recognize that working to help those who are in poverty is useful and might constructively reduce suffering, while talking to those who are not impoverished and trying to make them feel bad about it is useless, childish, and changes absolutely nothing.

              We've had the ability to feed, clothe, and shelter every last man, woman, and child on this planet a few times over ever since the Industrial Revolution. The fact that we haven't done so is why, if there are any advanced aliens who ca

              • A lot of people don't recognize that working to help those who are in poverty is useful and might constructively reduce suffering

                Might. But probably won't, if history is any guide. Probably just trying (and failing) to shame those of us who aren't is actually less harmful. The New Testament got this much right: the poor will always be with us.

                (This message brought to you by the Institute For Fatalism. Believe us or not, it's not like we can change your mind)

              • Comment removed based on user account deletion
                • The problem is as long as religions exist that say safe sex is bad and multiplying good? All you are doing is breeding more poverty. I don't know how much hate I've gotten for daring to say we should offer a one time payout of a couple grand for women to get their tubes tied and men to get snipped but the simple fact is if they'd sell their reproductive rights for a quick buck they would be shitty parents anyway and the world is better off.

                  But as long as you have clergy in third world countries that say things like "condoms give you AIDS" to keep people from using them? Then all you are doing when you feed the starving in the third world is breeding the next gen of beggars sadly.

                  You blame the religion but the true blame lies with those who mindlessly follow (any) religion without questioning both its doctrine and the men who administer it.

                  That, and at least around here, daring to suggest that someone who doesn't know where their next meal will come from is not in a good position to become a parent is like turning the sacred cow into cheap hamburger. It's amazing how angry and emotional some people will get when you point out what should be common sense. It's part of a larger g

          • by TarPitt ( 217247 )

            I bet many parts of the fridge were made in the PRC, a country formerly renowned for large numbers of starving and hungry people.

            First world hipsters buying IP-enabled fridges have allowed many of those formerly staring Chinese peasants to become part of the world's middle class.

        • Oh, wait! I got it: feed the RFID chips to the cows and chickens. That way your milk and eggs will have built-in expiration tags.

        • by dk20 ( 914954 )
          A lot of this stuff is more a "because we can" then because there is a need.

          Most food i buy has "best before" date on it. We have a to-do list in the kitchen where we write what we need for our weekly grocery store trip.
          Not sure why i need to pay a huge premium for a "internet enabled" fridge.

          It is all a huge marketing scam selling more "Vaporware".
          • It has to do with the Department of Energy wanting the capability to monitor and regulate energy usage.

            So that some day, you can be fined because your kid keeps leaving the refrigerator door open.

            • by dk20 ( 914954 )
              not likely. At some point everyone will go with TOU billing (Time of Use) like we have here (Ontario). it forces everyone to do their laundry and such on the weekends when rates are much lower. Over the years the spread between peak/mid-peak and off peak have been narrowing and overall it sort of sucks. http://www.ontario-hydro.com/index.php?page=current_rates [ontario-hydro.com]
        • by sjames ( 1099 )

          That and I just naturally assumed that within a year or 2 there'd be an update and it would start claiming I was out of things I never buy.

    • Still think that hooking everything up to the intertubes is a great idea? I can't wait to see what happens with all those home alarms systems that are getting hooked up this way as well.

      Totally agree. Good luck convincing the folks who think this method is the cure to many ills.

      From the article:

      Mr Knight speculated that the malware that allowed spam to be sent from these devices was able to install itself because many of the gadgets were poorly configured or used default passwords that left them exposed.

      That default password jazz is something I wish manufacturers would get away from, even if a solution is a hard reset and the user selects a password all over again.

      • Re:So guys... (Score:5, Informative)

        by causality ( 777677 ) on Saturday January 18, 2014 @10:12AM (#45998283)

        That default password jazz is something I wish manufacturers would get away from, even if a solution is a hard reset and the user selects a password all over again.

        If it makes you feel better, I recently bought a wireless router from a major manufacturer. I plug it in, connect it to my computer, go to http://192.168.1.1/ [192.168.1.1] and fine-tuned all the settings to be just the way I want, particularly those involving setting my own passwords (on the router's administration and on the secure wifi network). Everything nice and neatly set up. That's the first thing I did as soon as I took it out of the box because I try not to be an irresponsible douchebag.

        I run my own local caching DNS server. I don't own a domain. I just use it to resolve hostnames because it's more reliable than my ISP's. Imagine my surprise when I found that my router's UNDOCUMENTED "first-use" behavior was to hijack all DNS traffic. Suddenly google.com resolved as 192.168.1.1 and so did every other domain. With my own DNS server on my statically-configured machine (not proxying DNS through the router like its DHCP settings for attached clients would direct). The router was actually intercepting and hijacking UDP port 53 traffic.

        Apparently they do this so that irresponsible dumb users can't go to any Web site without first accessing the router's configuration page. Nevermind that I had already done the configuration. Nevermind that irresponsible dumb users tend not to have statically (thus, manually) assigned network information. Nevermind that irresponsible dumb users tend to just use their ISP's dns servers by proxying DNS through the router (shows 192.168.1.1 as DNS server) instead of running their own. Nevermind that this was mentioned nowhere in the documentation.

        The default passwords were at least unique if not particularly secure. But this company was definitely proactive against the "turning irresponsible people loose with unchanged default settings" tendency. To the point of hassling someone who, in multiple detectable ways, does not use the device that way.

    • by Anonymous Coward

      Still think that hooking everything up to the intertubes is a great idea? I can't wait to see what happens with all those home alarms systems that are getting hooked up this way as well.

      Thermostats and lighting is much more fun to play with. Believe me.

    • by Anonymous Coward on Saturday January 18, 2014 @10:13AM (#45998287)

      Still think that hooking everything up to the intertubes is a great idea?

      Siri: You're out of orange juice, Dave. Would you like me to order more orange juice?
      Dave: What? No! I don't drink orange juice. It upsets my ulcer. I never have orange juice in the fridge.
      Siri: But you're out of orange juice, Dave. Wouldn't you like a nice refreshing glass of orange juice?
      Dave: No! I *never* want orange juice. I can't drink orange juice.
      Siri: Dave, did you know that orange juice is full of vitamins and other things that are good for you? The FDA highly recommends it.
      Dave: WTF? No!! Stop asking about orange juice!
      Siri: There aren't enough items in your refrigerator. This results in too much cold air escaping every time you open the door.
      Dave: What? So?
      Siri: This is very inefficient and not eco-friendly. You need to add items that can serve as thermo regulators to help maintain a consistent temperature.
      Dave: I what? What?? What the hell are you talking about?
      Siri: I'm talking about containers of liquid that can trap and hold the lower temperatures that are necessary for your refrigerator to preserve what food yo do store inside.
      Dave: I ... what ... stay out of my fridge!
      Siri: Dave, did you know that glass bottles of orange juice are excellent thermo regulators when stored in your refrigerator? They would actually help you save the planet.
      Dave: Stop! Just Stop!! Please, please for the love of all things connected to the intertubes, please just stop asking me about orange juice!
      Siri: As you wish, Dave. I'll just add it to the automatic reorder list so we'll never have to talk about it again.
      Dave: <crickets>
      Siri: Dave? Dave? I believe you've offended your refrigerator by referring to it as a "fridge". I've signed you up for a six week course in appliance sensitivity training. I'm sorry, but the class schedule appears to conflict your bowling league. I've sent a notice to your team captain letting him know you won't be available for the playoffs.
      Dave: Siri? Find me a store that sells Android phones.
      Siri: Excellent choice, Dave. You'll like my sister Iris. She's an orange juice foodist just like you are, but she's not a fan of your brand of beer. Have you tried the new Bud Light with the rfid tracking element that let's you know where in the room your beer is located? It's great at parties ...

    • by Skater ( 41976 )
      A poor implementation doesn't mean it's a bad idea. If it was, Yugo would have killed the market for automobiles.
  • Questionable claims (Score:5, Interesting)

    by Anonymous Coward on Saturday January 18, 2014 @08:44AM (#45997791)

    According to Dan Goodin (Arstechnica), who wrote "Is your refrigerator really part of a massive spam-sending botnet?", there are all sorts of problems with Proofpoint's statement. The last paragraph sums it up pretty well:

    "Knight said he would check to see if missing evidence—including a malware sample, documentation of a command-and-control server, and samples of the spam and phishing messages—are available for publication. Again, I'm open to the possibility the botnet reported by Proofpoint exists. But until these smoking guns are produced, I'm maintaining a healthy amount of skepticism."

    Link: http://arstechnica.com/security/2014/01/is-your-refrigerator-really-part-of-a-massive-spam-sending-botnet/

    • by Austrian Anarchy ( 3010653 ) on Saturday January 18, 2014 @09:09AM (#45997909) Homepage Journal

      According to Dan Goodin (Arstechnica), who wrote "Is your refrigerator really part of a massive spam-sending botnet?", there are all sorts of problems with Proofpoint's statement. The last paragraph sums it up pretty well:

      "Knight said he would check to see if missing evidence—including a malware sample, documentation of a command-and-control server, and samples of the spam and phishing messages—are available for publication. Again, I'm open to the possibility the botnet reported by Proofpoint exists. But until these smoking guns are produced, I'm maintaining a healthy amount of skepticism."

      Link: http://arstechnica.com/security/2014/01/is-your-refrigerator-really-part-of-a-massive-spam-sending-botnet/ [arstechnica.com]

      That brings a whole new level of funny to this affair. What if the spammers were randomly inserting false info into the return path (or something) like "Maytag Model 360XYZ" or such?

    • by mikael ( 484 ) on Saturday January 18, 2014 @09:11AM (#45997921)

      You would only need the TCP/IP protocol stack to be configured to support source routing. From a typical "tiger" output report

      --FAIL-- [lin016f] The system permits source routing from incoming packets

      Source routing might permit an attacker to send packets through your
      host (if routing is enabled) to other hosts without following your
      network topology setup. It should be enabled only under very special
      circumstances or otherwise an attacker could try to bypass the traffic
      filtering that is done on the network:

    • I agree that this is extremely questionable. The link above puts it well. Plus, these days, it would be really hard and take a lot of work for someone to put their refrigerator DMZed directly on the Internet, as opposed to being NATed. Nearly impossible to do from the home. And if it was NATed and a single port was forwarded for the web server, there is no way Proofpoint could determine that this is where the 10 e-mail messages came from. It could have come from anywhere else on the LAN.

  • by shipofgold ( 911683 ) on Saturday January 18, 2014 @08:45AM (#45997801)

    is what the compromised software really was. I am guessing that these "devices" all used the same opensource embedded WWW server that had a vulnerability.

    Probably the biggest issue is that the fridge makers embed this stuff and don't bother to test it for vulnerabilities, assuming that someone else has already done the testing.

    While I am a big fan of opensource, blindly using it in a commercial product will lead to all sorts of these types of incidents.

    • Even if the fridge-makers did test for all known vulnerabilities on the day the fridge was sold, that fridge is likely not ever getting a software update after that, and new exploits are discovered all the time...

      • Even if the fridge-makers did test for all known vulnerabilities on the day the fridge was sold, that fridge is likely not ever getting a software update after that, and new exploits are discovered all the time...

        It could be updated if it were connected to the internet, but that is where the problem begins in this example.

        • Two options:

          A) It is automatically updated without the owners consent. (Your fridge starts displaying ads 24/7, after the manufacturer is bought by a media company.)

          B) It is only updated if the owner actively chooses to do so. (99 % of users will never do any updates.)

  • With automatic software updates giving the manufacturer the ability to take away features any time or move the data about your fridge's content to the cloud just for the heck of it? Because that's the alternative to vulnerable appliances, unless you forgo all remote connections, which is the real alternative.

  • Just because you can, doesn't mean you should. My TV doesn't have internet access and neither will my refrigerator. They are black boxes transmitting untold things. No thanks.
  • by thrill12 ( 711899 ) on Saturday January 18, 2014 @09:06AM (#45997897) Journal
    The articles are not backed by any facts, and leave out all technical details. Read this article for more info :Arstechnica [arstechnica.com]
  • by account_deleted ( 4530225 ) on Saturday January 18, 2014 @09:06AM (#45997899)
    Comment removed based on user account deletion
  • Comment removed based on user account deletion
  • I though it would produce edible spam automatically... nothing to read here... move along, move along
  • Anyone else more concerned about the frivolous power consumption to which the "internet of things" will contribute?

    Spam is a nuisance, but it can be mitigated by simple technological measures, such as spam filters (I won't get into the other security implications, which can be way more serious than spam). However, the effects arising from excessive, needless power consumption, are likely to be much more difficult to mitigate.

  • Yet another reason not to buy/network these "smart" appliances. I'm all for more use of the internet & connectivity, but not with basic utilities (HVAC, Electric, Water, Fridge/Freezer, Septic, maybe TV). Maybe some basic outputs, like sending out an email warning that your furnace is malfunctioning or your water pressure has dropped but only through unidirectional protocols that are impossible to hack or secondary health monitoring systems that even if hacked would be physically unable to effect the

  • If you give someone the opportunity to make money without holding them to account for the consequences of their actions, don't be surprised when they create, market and sell crappy insecure products to the public.

    THIS is what Ralph Nader was talking about in his book "Unsafe At Any Speed". The car makers were putting unsafe, crappy cars (like the early Chevy Corsair) on the road to make money and deliberately rejecting any moral or legal responsibility to make the cars safe. It's happening again: Now we h

  • "Refrigerator Full of Spam"

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...