April 7, 2014
A recent notice issued by the computer security firm, Proofpoint, suggests that a rapidly increasing threat to overall computer security involves household appliances and other networked equipment that have been hacked. As we move deeper into the world of “ubiquitous” computing, where virtually every device is connected to the Internet, important legal issues associated with responsibility and liability for security breaches are becoming more complex and more difficult to resolve.
During its analysis of an unsolicited email (“spam”) attack reported late in 2013 and early in 2014, Proofpoint concluded that many of the devices that had been compromised by hackers and made part of the spam attack were household appliances, such as refrigerators, that had network access. By introducing malicious software into approximately 100,000 networked appliances and devices, the hackers were able to generate more than 700,000 spam messages.
Some of the most popular devices now apparently targeted by hackers include household appliances, web-enabled televisions, and home media centers. Using the always-on network connections of those devices, hackers are able to introduce malicious software and convert the devices into “zombies” that can participate in illegal conduct such as denial-of-service and spam attacks.
A significant number of our household appliances and other basic equipment are operating, in effect, as Internet web servers. They are able to handle relatively sophisticated computing and communications functions. Those capabilities continue to increase substantially.
As web-servers, these appliances and other devices are attractive targets for hackers in much the same way as the traditional servers operated by Internet service providers, website hosts, and other companies are routinely targeted. In this environment, it is increasingly important that all networked devices be made as secure as possible from malicious software.
As more devices become network-enabled, security management becomes increasingly difficult. Responsibility for that security rests largely with the manufacturers of the devices. The Internet capabilities of these devices are generally embedded, and this makes it difficult for the owners and users of the devices to manage their network security. In many instances, the individual users of the equipment may not even be aware that the devices are accessing the Internet.
It is no longer enough to consider only the benefits associated with network connectivity when integrating information and communications technology into appliances, automobiles, and other products. Manufacturers of all network-enabled devices must act responsibly to ensure that best security practices are effectively integrated into their products, and are continually maintained and updated as necessary.