We have discussed for a long on the Internet of thing referring the network of intelligent devices and their capability stay always online, we also remarked the possibility that cybercriminals could exploit them for illegal activities. But not only this category of object could be compromised by cybercriminals, devices apparently inanimate and devoid of intelligence like a blender or a flat iron can hide pitfalls.
Cyber criminals are are to plant chips in practically every electrical device, recently it has been discovered that irons and kettles were modified with this technique to launch spam attacks. The fact has happened in Russia, the State-owned channel Rossiya 24 has showed the images of an iron included in a batch of Chinese imports where the operators find a chip used for spying the environment surround. The chips were equipped with “a little microphone” and according the correspondent the component were mostly being used to serve malware, the chips in fact are able to connect any computer within a 200m radius on unprotected Wi-Fi networks.
News agency Rosbalt reports that while the last delivery of appliances was rejected by officials, but tens of devices had already been sent to retailers in St Petersburg. If you believe that these cases are isolated you are completely wrong, many other common-use products have found to have rogue chips, including gaming console, chargers, network devices, mobile phones and car dashboard cameras.
The discovery is disturbing for many, but not for security experts, and it raises once again the necessity for hardware qualification in both military and civil sectors, I’ve detailed in various posts the possibility to hide malicious components in the software as in the hardware .
Hidden chips are used by cybercriminals and state-sponsored hackers to infiltrate company networks and organizations for various purposes, to send out spam or for cyber espionage.
While in military sector similar incident have triggered a series of initiative to for hardware validation, in large consume products the problem is relevant and approach it is not so simple … events like this are the demonstration.
(Security Affairs – backdoor, chips, cybercrime)