5 (more) alarming showcases of IoT dangers

By Per Christian Foss, Sales Manager IoT on Dec 19, 2017 8:00:00 AM


These five examples leave no doubt that the Internet of Things (IoT) is way too sloppily secured.


If you don't secure the flow of data sent between your devices and the Internet, you will be exposed to hackers sooner or later.

A while ago we wrote about five IoT solutions that went wrong, and why. This is the sequel. If your devices are communicating openly over the Internet, they will be hacked. That's exactly what happened in the examples below.



1. The Dyn attacks in 2016

What do Facebook, Netflix, Spotify, Twitter, Amazon and Reddit all have in common? They are all hosted by Dyn servers, along with a staggering amount of popular websites and services – servers that were attacked on October 21st 2016. A veritable army of captured IoT devices launched the biggest DDoS attack against the Internet in history, rendering large parts of it unusable.

The attack was measured at 1.2 Tbits – twice the strength of the previous record holder. The botnets behind it all, mainly Mirai and BASHLITE, gained control of the offending devices by testing common username/password combinations. It's quite frustrating to know the Internet is under constant threat because so many people don't bother changing the login information from admin/admin.

 

2. Pacemakers open for attack

What's scarier than the Internet being attacked? Answer: knowing the technology keeping your heart pumping could be stopped at any time. At St. Jude's children's hospital in Tennessee, they luckily discovered in time that both pacemakers and defibrillators had open and exposed connections to the Internet.

Anyone with evil intentions could have disturbed the heart rhythm, administered shocks, or emptied the batteries of the life-sustaining devices, which were meant for children. Only pure luck kept the story from having a much more dramatic ending: nobody attempted anything before the exploit was fixed.

 

3. University network attacked itself – over seafood

In the Verizon Data Breach Report for 2017, we can read about an unspecified university where the entire network ground to a halt through a rather unconventional DDoS attack. Somebody had requested 5000 IoT devices – mainly light sensors and vending machines – to use all available bandwidth to search for seafood restaurants. The students struggled to use the Internet for anything, and most couldn't even get online during the attack.

This is an uncommon form of attack, where the victim's own devices are used against them; normally the threat comes from external botnets. Security experts finally managed to stop the attack before the network crashed completely. Hopefully the attacker at least managed to find a nice piece of fish by then.

 

4. 11-year-old hacked teddy bear

To IoT enthusiasts, eleven-year-old Reuben Paul is perhaps better known as the Cyber Ninja. With some probable help from his father, IT expert Mano Paul, he's held several popular talks on IoT security since he was eight years old, and founded the non-profit Cyber Shaolin that teaches children about data security.

At a security conference in The Hague in 2017, he used a Raspberry Pi to search for and gain access to Bluetooth-connected devices in the area. He then used those devices to hack into a teddy bear connected to the Cloud, brought for the occasion, to make it light up and display warnings about how important it is to secure your IoT devices properly.

It's cute, but also quite alarming, seeing as many of the hacked devices belonged to proclaimed IoT experts.

 

5. Hijacked 150 000 printers for the fun of it

In February 2017 a bored high school student in the UK was drinking coffee and coding. He decided to write a small program in C to gain access to unsecured printers around the world. He was shocked when he saw how many immediately responded – 150 000 of them.

Luckily the student's intentions weren't too malicious, and he settled on printing some fake warnings that the printers were captured by a dangerous botnet controlled by Vladimir Putin's forehead (yeah) – along with an encouragement to secure the open ports. A similar method has been used in the past to remotely print anti-Semitic propaganda.

Luckily the printers weren't captured by a real botnet this time. But they could easily have been.

By Per Christian Foss, Sales Manager IoT

Per Christian has 7 years of experience in the Internet of Things area, within business development, sales and product management. He has worked with a wide range of verticals within IoT, such as connected cars, smart cities, security solutions and self-driven buses.