100,000 Refrigerators and other home appliances hacked to perform cyber attack

Hacker used Botnet network of 100,000 Refrigerator and Smart TVs to send Spam emails

Have you given shed to Zombies in your house? No???? May be you have no idea about it. After Computers, Servers, Routers, Mobiles, Tablets…. Now its turn of your home appliances to be a weapon or a victim of cyber war.

Recently Security Researchers from Proofpoint found more than 100,000 Smart TVs, Refrigerator, and other smart household appliances compromised by hackers to send out 750,000 malicious spam emails.

As the ’Internet of Things’ becoming smart and popular it became an easy weapon for cyber criminals to launch large scale of cyber attacks.

“The attack that Proofpoint observed and profiled occurred between December 23, 2013 and January 6, 2014, and featured waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting Enterprises and individuals worldwide."

Previously, such attacks were only drafted theoretically by researchers, but this is the first such proven attack involved smart household appliances that are used as 'thingBots'- Thing Robots.

Like your personal computers can be unknowingly compromised to built a huge botnet network that can be used to launch cyber attacks, in the similar way your Smart Household Appliances and other components of the "Internet of Things" can be transformed into slaves by the cyber criminals.

The worst thing with these smart appliances is that it can be easily approached by cyber criminals due to its 24 hour availability on the Internet with an add-on of poorly protected Internet environment i.e. Poor misconfiguration and the use of default passwords.

More than 25 percent of the volume was sent by things that were not conventional laptops, desktop computers or mobile devices; instead, the emails were sent by everyday consumer gadgets such as compromised home-networking routers, connected multi-media centers, televisions and at least one refrigerator. No more than 10 emails were initiated from any single IP address, making the attack difficult to block based on location -- and in many cases, the devices had not been subject to a sophisticated compromise; instead, misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use.”

Now it seems that we have 100's of cyber weapon in our home or in another way 100's of vulnerable dynamites living with us.

Comments

HC WeB : A Browser for HACKERS...

A Browser for HACKERS... Try for Free... Download HC WeB Setup Gallery: Online Penetration Testing Tools Index Information Gathering Whois DNS Location Info Enumeration and Fingerprint Data Mining Search Engines Editors Online Text Editors Share Text Snippets Network Utilities Ping HTTP HTTPS VNC Remote Desktop SSH DNS Sniffers Misc Forensics Frameworks URL Cloaking E-mail Password Cracking Encoders and Decoders Encoders Decoders Malwares Malware Analysis Identify Malicious Websites Suspected Malicious IPs and URLs Application Auditing SQL Injection Cross Site Scripting File Inclusion Anonymity Proxy Others Hackery Open Penetration Testing Bookmarks Collection Hacker Media Blogs, Forums, Magazines and Videos. Methodologies Penetration testing frameworks, standards and methodologies. OSINT Presentations, People, Organizations and Infrastructure. Exploits an...

KALI Linux 1.0.6 released; officially added Emergency Self Destruct feature

A few days back the developers of one of the most advance open source operating system for penetration testing called 'KALI Linux' announced that they were planning to include "emergency self-destruction of LUKS". They patched a utility called cryptsetup, which introduces a self destruction feature that will allow the Kali user to encrypt the full hard disk to make the data inaccessible in an emergency case by entering a secret password at boot time. Offensive Security has finally announced today the release of the latest version i.e. Kali Linux 1.0.6 with Kernel version 3.12, and also added the Self Destruct feature along with many new penetration testing and hacking tools. The new release also includes an ARM image script, that allow the user to build Kali Linux images for various ARM devices. Some more scripts are also added that enables the user to build their own custom Amazon AMI and Google Compute cloud images. If you already have a Kali Linux ins...

Facebook Web Security Bug Bounty: Directory Traversal Vulnerability / RCE In Parse.com

http://parse.com directory traversal vulnerability Little Insight: http://parse.com was vulnerable to a directory traversal / RCE vulnerability. As a result, it was possible for an attacker to load web server-readable files from the local filesystem. or Run commend on That Well this is my 4th reward form facebook Directory Traversal or RCE Vulnerability That give me 5th position in Facebook white-hat Page Report Date :23 July 2014 Reward For Directory Traversal or RCE Vulnerability : 20000$ How This work......? As we discussed earlier on my old post Flowdock Directory Traversal Vulnerability exposed files outside of Rails’ view paths. '%5C' turns into '\' after decoding. Using Rack::Protection it only rejects '/../' segments in the request path. patch apply for Rack::Protection acording CVE-2014-0130 and also Reject now '%5C' turns into '\' af...

Hacking Concepts

Search This Blog