Attack of the … fridge? The slew of connected devices entering homes is bringing new points of vulnerabilities. Security firm Proofpoint found that more than 100,000 smart devices–including at least one connected refrigerator–were used to send out more than 750,000 malicious emails between Dec. 23, 2013 and Jan. 6, 2014. Other hacked gadgets include routers, multimedia centers, and televisions.
“As the number of such connected devices is expected to grow to more than four times the number of connected computers in the next few years according to media reports, proof of an IoT-based attack has significant security implications for device owners and Enterprise targets,” the firm said in a press release.
Proofpoint notes that most of these devices hadn’t been compromised in a sophisticated manner. Instead, hackers were able to access the gadgets because default passwords left the electronics devices exposed on public networks.
The malicious emails were typically sent in waves of 100,000, three times a day. About a quarter of this spam came from consumer gadgets–not laptops, desktops, or mobile devices. The attack sent no more than 10 emails from a single IP address.
“Internet-enabled devices represent an enormous threat because they are easy to penetrate, consumers have little incentive to make them more secure, the rapidly growing number of devices can send malicious content almost undetected, few vendors are taking steps to protect against this threat, and the existing security model simply won’t work to solve the problem,” Michael Osterman, principal analyst at Osterman Research, said in a statement.
Update: Security firm Symantec has come out to challenge Proofpoint’s report, saying the spam came entirely from infected Windows machines and that the fridge in question “just happened to be on the same network as an infected computer.” That said, Symantec agrees that connected devices can pose a security risk. “So don’t be surprised if, in the near future, your refrigerator actually does start sending spam,” it said in a blog post.