BARCELONA 29-31 OCTOBER 2019

5 Infamous IoT Hacks and Vulnerabilities

The Internet of Things (IoT) envisages a world where all our electronic devices can communicate with one another. Just as the internet connects people, the IoT will connect our smart gadgets together. However, as with any fledgling technology, there are teething problems that can’t be ignored as connected devices become more integrated into businesses and our everyday lives. The following five IoT hacks demonstrate the current vulnerabilities in IoT.

 

The Mirai Botnet

This hack took place in October of 2016, and it still ranks as the largest DDoS attack ever launched. The attack targeted the DNS service provider Dyn, using a botnet of IoT devices. It managed to cripple Dyn’s servers and brought huge sections of the internet down. Media titans like Twitter, Reddit, CNN, and Netflix were affected.

The botnet is named after the Mirai malware that it used to infect connected devices. Once it successfully infected a vulnerable IoT gadget, it automatically searched the internet for other vulnerable devices. Whenever it found one, the malware used the default username and password to log in to the device, install itself, and repeat the process.

Many of these devices had issues with outdated firmware or weak default passwords, which made them perpetually vulnerable and easy to hack.

This attack demonstrates the importance of strong passwords and regular firmware updates. These updates often come with patches for current vulnerabilities, so you should never skip them. Creating strong, complex passwords for all your IoT devices is a must before adding them to your network.
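The self-propagation described above is visible on the network as one local device suddenly contacting many unfamiliar addresses. The following is an added example, not part of the original article: a small detector over flow records that flags local hosts reaching many distinct external hosts on the Telnet ports (23 and 2323, which Mirai's scanner is known to have probed; the article itself does not name the ports). The network range, thresholds, and sample flows are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions: site-specific network range and alert thresholds.
LOCAL_NET = ip_network("192.168.1.0/24")
TELNET_PORTS = {23, 2323}
WINDOW_SECONDS = 60
MIN_DISTINCT_TARGETS = 5

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = (
    # camera: six different external Telnet targets within 25 seconds
    [(1000 + 5 * i, "192.168.1.50", f"203.0.113.{10 + i}", 23 if i % 2 else 2323)
     for i in range(6)]
    # thermostat: five Telnet targets, but spread over ten minutes
    + [(1000 + 150 * i, "192.168.1.60", f"198.51.100.{10 + i}", 23) for i in range(5)]
    # laptop: a single Telnet session and ordinary HTTPS traffic
    + [(1010, "192.168.1.20", "203.0.113.200", 23),
       (1012, "192.168.1.20", "203.0.113.201", 443)]
)

def find_telnet_scanners(flows, window=WINDOW_SECONDS, threshold=MIN_DISTINCT_TARGETS):
    """Return {local_ip: peak count of distinct external Telnet targets seen
    inside any sliding window} for hosts whose peak reaches the threshold."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        outbound = ip_address(src) in LOCAL_NET and ip_address(dst) not in LOCAL_NET
        if outbound and port in TELNET_PORTS:
            per_src[src].append((ts, dst))

    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    for host, count in find_telnet_scanners(SAMPLE_FLOWS).items():
        print(f"{host}: {count} distinct Telnet targets within {WINDOW_SECONDS}s")
```

A flagged device should be isolated from the network, reset, given a new password, and updated before it is reconnected.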

Hackable Cardiac Devices

IoT devices have tremendous potential in the field of medicine. However, the stakes are very high as far as security is concerned. This was starkly illustrated by an incident in 2017 when the FDA announced that they had discovered a serious vulnerability in implantable pacemakers made by St. Jude Medical. Anyone who has watched Homeland will be familiar with this attack.

In this case, the vulnerability lay in the transmitter that the pacemakers used to communicate with external services. These pacemakers relayed information about patients’ conditions to their physicians, which made monitoring each patient much easier. Once attackers gained access to a pacemaker’s transmitter, they were able to alter its functioning, deplete the battery, and even administer potentially fatal shocks.

The Owlet Wi-Fi Baby Heart Monitor

As more IoT devices make their way into our homes, privacy is becoming a huge concern. For example, the Owlet baby heart monitor may seem absolutely harmless, but its lack of security is what makes it and similar devices extremely vulnerable to hacking.

Don’t be mistaken – hackers aren’t interested in your baby’s heart rate. However, these easy-to-hack baby monitors allowed them to target other smart devices on the same network. As it turns out, one unprotected device can make your entire home vulnerable.

The TRENDnet Webcam Hack

TRENDnet marketed their SecurView cameras as being perfect for a wide range of uses. Not only could they serve as home security cameras, they could also double as baby monitors. Best of all, they were supposed to be secure, which is the main thing you want from a security camera.

But as it turned out, anyone who was able to find the IP address of any of these devices could easily look through it. In some cases, snoopers were also able to capture audio.

The FTC later announced that for a period of time, TRENDnet was transmitting users’ login information over the internet without any encryption, as clear, readable text.

This incident demonstrates that you shouldn’t take security for granted. Just because a device is supposed to be secure doesn’t mean it isn’t leaking your private data. The best way to prevent things like this from happening is to run a penetration test or install a VPN on your home router. A VPN will encrypt all your internet communications, so no hacker will be able to read them.
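Login information sent in clear text, as in the TRENDnet case, can be spotted by reviewing a capture of your own device's traffic. The following is an added example, not part of the original article and not TRENDnet's protocol: it assumes the device speaks HTTP and checks constructed request records for credentials sent without TLS. The host name, parameter names, and sample requests are illustrative assumptions.

```python
import base64
from urllib.parse import parse_qsl, urlsplit

# Assumption: parameter names that commonly carry a password.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "pass"}
FORM = {"Content-Type": "application/x-www-form-urlencoded"}

# Constructed requests as a capture tool might export them: (url, headers, body)
SAMPLE_REQUESTS = [
    ("http://camera.example/login.cgi?user=alice&password=EXAMPLE", {}, ""),
    ("http://camera.example/video.cgi",
     {"Authorization": "Basic " + base64.b64encode(b"alice:EXAMPLE").decode()}, ""),
    ("https://camera.example/login", FORM, "user=alice&password=EXAMPLE"),
    ("http://camera.example/status", {}, ""),
    ("http://camera.example/login", FORM, "user=alice&pwd=EXAMPLE"),
]

def has_password_field(encoded):
    """True if a URL-encoded string contains a password-like parameter."""
    return any(key.lower() in SENSITIVE_PARAMS for key, _ in parse_qsl(encoded))

def cleartext_credential_findings(requests):
    """Return (url_without_query, reason) for every request that exposes
    credentials over plain HTTP. Secret values are never echoed back."""
    findings = []
    for url, headers, body in requests:
        parts = urlsplit(url)
        if parts.scheme != "http":
            continue  # TLS protects headers, query string and body in transit
        where = f"{parts.scheme}://{parts.netloc}{parts.path}"
        hdrs = {name.lower(): value for name, value in headers.items()}
        # Basic auth is base64 encoding, not encryption: readable by any observer.
        if hdrs.get("authorization", "").lower().startswith("basic "):
            findings.append((where, "basic-auth-header"))
        if has_password_field(parts.query):
            findings.append((where, "password-in-query"))
        is_form = "x-www-form-urlencoded" in hdrs.get("content-type", "")
        if is_form and has_password_field(body):
            findings.append((where, "password-in-body"))
    return findings

if __name__ == "__main__":
    for where, reason in cleartext_credential_findings(SAMPLE_REQUESTS):
        print(f"{reason}: {where}")
```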

The Jeep Hack

This attack was first demonstrated in July of 2015 by a team from IBM. They were able to access the onboard software of a Jeep SUV and exploit a vulnerability in the firmware update mechanism. Researchers took total control of the vehicle and were able to speed it up and slow it down, as well as turn the wheel and cause the car to veer off the road.

As more people begin to embrace electric vehicles and move towards driverless car technology, it is increasingly important that we make sure these vehicles are as secure as possible.

The IoT promises to change our future, but at the same time, it poses severe security risks. Therefore, we should stay aware and learn how to protect our devices against cyber attacks.

High profile security lapses like those mentioned above only serve to reinforce the potential for disaster when security is neglected.

AUTHOR: Harold Kilpatrick, Guest Blogger