In the world of cyber hacking, even a refrigerator can now be an accomplice.

Computer security researchers say they discovered a large “botnet” which infected internet-connected home appliances and then delivered more than 750,000 malicious emails, the Syndey Morning Herald reports.

Cyber criminals use refrigerator to carry out ‘Internet of Things’ attack

A smart refrigerator was used, among other household appliances, in a recent e-mail phishing cyber scam. Computer scientists theorized about hackers using an “Internet of Things” attack, but this may be the first recorded attack of its kind. (Credit: Samsung).

Proofpoint, a California computer security firm, said this could likely be the first proven “Internet of Things”-based cyber attack involving “smart” appliances.

Hackers managed to penetrate home-networking routers, connected multimedia centers, televisions and at least one refrigerator to implement their IoT attack. They created a botnet – a cyber attack that uses an unprotected platform to deliver malicious spam or phishing emails from a connected device (typically without the owner’s knowledge).

Until now, security experts weren’t sure IoT attacks were possible.

These attacks bear a significant problem for end users; many internet-connected appliances don’t have malware protection. In this instance, the hackers incorporated more than 100,000 devices between December 23 and January 6, including routers, multimedia centers, televisions and at least one refrigerator, CNET reports.

Proofpoint said the case “has significant security implications for device owners and enterprise targets” because of massive growth expected in the use of smart and connected devices, from clothing to appliances. Hackers commandeer smart appliances and transform them into ‘thingbots’ to carry out the same kind of attack normally associated with personal computers.

The Internet of Things concept implies a world of devices and gadgets that connect to the internet, which build a giant sensor network to exchanges data – ideally – making like more efficient. CNET explains:

For example, home appliances that can talk to each other. Not only in your own home, but, perhaps, even in your local area, so as to be more efficient on the power grid, effectively lowering your electricity costs and being friendlier to the environment. Sensors that automatically alert you to when things go wrong when you’re not at home, like when someone breaks through a window in your house, if something is using too much electricity or when a pipe has burst and you’re suddenly expending hundreds of liters of water. Plants that not only know when they need water, but can also do something about it.

Cyber criminals use refrigerator to carry out ‘Internet of Things’ attack

Toothbrushes could be next! Kolibree introduced the “worlds first connected electric toothbrush” and the 2014 Consumer Electronics Show, and this brush’s Bluetooth technology would likely make it vulnerable to an “Internet of Things” attack. (Credit: Kolibree).

Cars and mobile devices that are all connected, so traffic can be automatically rerouted to the most efficient path when accidents happen. Governments that can react more rapidly to the collected data from things like accelerometers, so they know when roads need to be resurfaced; or, via pure device density, can tell when infrastructure or tourism needs to be bolstered.

Unless your smart device is password protected, it is likely vulnerable to the same kind of IoT attack.

The interconnectedness of these seemingly innocent appliances create access for hackers where the average homeowner has likely not protected themselves. The International Data Corporation predicts more than 200 million devices will be connected to the internet by the year 2020, creating a world of access for hackers, since these daily use items are not routinely monitored for malicious activity.

The refrigerator-scheme hackers pushed 25 percent of their data through unconventional means – other than laptops, desktop computers or mobile devices. No more than 10 emails were initiated from any single device, making the attack difficult to block based on location.