The “Internet of Unsafe Things”

July 29, 2017 | Views: 4499

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

The Internet of unsafe things, aka IoT (Internet of Things), will bring problems to many users of this unnecessary technology. I see the point of IoT in an industry, in production, medicine, etc. etc., it’s really good technology, and a revolutionary one, but to connect a coffee machine or refrigerator to the internet is stupid. I can’t see a point where someone connects a house to the net, to have a so called smart house, except in some cases. However, in most it’s just about spending money. Companies in this business will convince you that you need this and you have spare money, so why not?

Experts have been warning years of the vulnerability of the IoT device, but we have only recently seen what the consequences might be. Last year we witnessed two major incidents – the biggest DDoS botnet attack made by IoT devices and a major attack on DNS providers just a month later. Unfortunately, the examples will be even more.

Now, here are two very dumb story examples:

1. A coffee machine created the problem!

The first story is an unnamed company that has its own factories all over Europe and operates in the chemical industry. Each factory has a local control room where several operators monitor developments in the factory. The work of all factories is also monitored from a remote location, or from a central control room. When an alarm is turned on this means that a parameter is popping out of the specified frame. In 9 out of 10 cases, the control system itself resolves the problem.

There are problems that can not be solved automatically, for example, a problem with the valve. When such a problem occurs, operators from the local control room follow the instructions of colleagues from the central control room.

The story takes place about a month ago. It was a light day at work, with no major problems. Suddenly, there is a panic call from the operator from the local control room. Something hit the local control system, something that all computers stopped working. In the central control room, they decided to monitor the situation from there, because they thought that the control system just dropped.

The operator described that something unusual happened on the screen, all of which looked like a notorious ransomware attack. It was weird that computers running surveillance software are not connected to the Internet. They are only connected to the internal network that is connected to the PLC (Programmable Logic Controllers). The operator was told to reinstall the system, however, it is moving again to make it “impossible” – the computers are once again infected one by one.

In the end, it turned out that all of the coffee makers were guilty of being responsible for the ransomware attack. Coffee machines had to be connected to a special WiFi network. Instead, they were first connected to the internal network of the control room, and only when they could not connect to the Internet, they are connected to a special WiFi network.

Due to this omission, all the coffee makers of a given manufacturer (not just in the above-mentioned factory, but wherever they were installed) were out of service for several days.

 2. Hackers penetrated into a Casino network thru a “smart aquarium” –

The second story is about a casino in the United States whose name is also not disclosed. Hackers managed to infiltrate the casino network and steal confidential data by first hitting the smart aquarium connected to the Internet.

The aquarium was connected to the internet to monitor the temperature of the water and to feed the fish. It used a non-immovable hacker group to infiltrate the network and upload data to a server in Finland. The compromise was discovered after a while and the failure was pervaded. However, some issues remain to be answered which should be answered before connecting smart devices to the Internet.

First of all, the question arises is whether it is safe to find a smart aquarium or another smart device online without protection, connected to the local network? Of course, it is not, because hackers often discover vulnerabilities before the device manufacturers give them a window to target targets. In this case, the attackers entered the network through a smart aquarium, and then they scanned and found other vulnerabilities inside.

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
4 Comments
  1. The article title snaps up IoT exactly! Bravo!

    +10 Keep up the good work.

  2. GREAT article, and timely! I was watching a CSPAN interview with Jeff Moss which kind of confirmed my thoughts on IoT (and yours also, apparently) that a lot is unnecessary at best and unsafe and at worst leads to vulnerabilities that I am not comfortable being exposed to, security- and privacy-wise.

    The funny thing, i was almost to the point where I was ready to accept that I was maybe being overly paranoid (I confess, I am a bit of a conspraracy theorist, haha) and then Moss comes along and not in so many words confirms my suspicions(?)

    Anyway, like I said-great article. Looking forward to the next one.

    • As I wrote, many times beafore IoT, abs overal digitalization is good thing in many aspects, but not good in even more aspects. I didn’t wrote anything yet how many job will be lost and how digitalization will affect societies overall, that is huge and complex isse. I am writing about stupid things like coffe machine with Wifi, so called smart cars, smart hoses, etc. I am sure that big IT giant’s will “force” us in future to connect everything to network. For example if you don’t have” connected ” car your insurance will be much high.
      We are listening CEOs of: Microsoft, Oracle, SAP, Amazon, Cisco, etc, etc how they talk about revolution, better life, green planet, but in the end all they are thinking of is Profit! IT giants are new “oil- tycoons ” of 21 century.

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel