A report that Internet-connected refrigerators are part of a massive botnet struggles to stand up to scrutiny.
January 24, 2014 4:16 PM PST
An Internet-connected fridge could be part of a botnet, but it probably didn’t happen — this time.
The security world lit up with news of the first instance of an Internet-connected appliance participating in a botnet. Our fears of Skynet made real had come to pass: not only was your fridge keeping your half-eaten tin of Spam cold, it was sending your e-mail account fresh digital spam at the same time.
One problem: the report appears to be based on incorrect assumptions.
Proofpoint, the security firm that published the report, said that the botnet was 100,000 machines strong and sent no more than 10 pieces of e-mail spam per IP address. However, Ars Technica noted that estimating a botnet's size is difficult, and that the technique Proofpoint used, scanning public IP addresses, produces results that are known to be hard to connect to specific devices.
Additionally, sending only 10 spam messages per IP address in a botnet is unusual. “Traditional spam botnets will push infected PCs to send as many messages as its resources allow,” said Ars reporter Dan Goodin. “The botnet reported by Proofpoint requires too much effort and not enough reward.”
As Goodin and independent security expert Bruce Schneier noted, though, just because this connected device botnet probably didn’t happen this time doesn’t mean it won’t ever happen.
Despite being “skeptical” of the original report, Schneier said, “it could happen, and sooner or later it will.”