The 5 Worst IoT Hacks and Vulnerabilities in Recorded History

save
Share and earn Cybytes
Facebook Twitter LinkedIn Email

IoT hacks are unbelievably effective. By leveraging thousands (if not millions) of insecure connected devices, hackers can produce DDoS attacks that can cripple our infrastructure, systems, and way of life. Or, attackers can go straight for the kill by directly exploiting a device and using it as a gateway to deeper levels on a network where they gather sensitive and valuable private data.

And things are about to get worse. Forbes predicts that by 2025, we’ll have over 80 billion smart devices on the internet. Much of the embedded firmware running on these devices is insecure and highly vulnerable, leaving an indeterminate number of critical systems and data around the world at risk.

If you’re in the IoT space, read on to understand these hacks and vulnerabilities. They’ll open your eyes to how the future could (and likely will) look and prompt consideration on why devices must be secured today.

Here are the 5 Worst IoT Hacks and Vulnerabilities in Recorded History:

1 – The Mirai Botnet (aka Dyn Attack) – According to PC Magazine, “Millions of insecure Internet of Things (IoT) devices were swept into the Mirai botnet and used to massively overload domain name system (DNS) provider Dyn with a DDoS attack. The attack knocked out Etsy, GitHub, Netflix, Shopify, SoundCloud, Spotify, Twitter, and a ton of other major websites. Here are four straightforward loT security lessons that businesses can take from the incident:

Devices that cannot have their software, passwords, or firmware updated should never be implemented.Changing the default username and password should be mandatory for the installation of any device on the Internet.Passwords for IoT devices should be unique per device, especially when they are connected to the Internet.Always patch IoT devices with the latest software and firmware updates to mitigate vulnerabilities.”

2 – The Hackable Cardiac Devices from St. Jude – Early this year, CNN wrote, “The FDA confirmed that St. Jude Medical’s implantable cardiac devices have vulnerabilities that could allow a hacker to access a device. Once in, they could deplete the battery or administer incorrect pacing or shocks, the FDA said.

The devices, like pacemakers and defibrillators, are used to monitor and control patients’ heart functions and prevent heart attacks.”

The article continued to say, “The vulnerability occurred in the transmitter that reads the device’s data and remotely shares it with physicians. The FDA said hackers could control a device by accessing its transmitter.”

3 – The Owlet WiFi Baby Heart Monitor Vulnerabilities – Right behind the St. Jude cardiac devices is Owlet WiFi baby heart monitor. According to Cesare Garlati, Chief Security Strategist at the prpl Foundation: “This latest case is another example of how devices with the best of intentions, such as alerting parents when their babies experience heart troubles, can turn dangerous if taken advantage of by a sinister party. Sadly, this is more often than not in the case of embedded computing within so-called smart devices. The connectivity element makes them exploitable and if manufacturers and developers don’t consider this and take extra steps to secure devices at the hardware layer, these are stories that we will, unfortunately, keep hearing.”

4 – The TRENDnet Webcam Hack – And, continuing with the baby theme, TechNewsWorld reports, “TRENDnet marketed its SecurView cameras for various uses ranging from home security to baby monitoring and claimed they were secure, the FTC said. However, they had faulty software that let anyone who obtained a camera’s IP address look through it — and sometimes listen as well.

Further, from at least April 2010 [until about January 2012], TRENDnet transmitted user login credentials in clear, readable text over the Internet, and its mobile apps for the cameras stored consumers’ login information in clear, readable text on their mobile devices, the FTC said.

It is basic security practice to secure IP addresses against hacking and to encrypt login credentials or at least password-protect them, and TRENDnet’s failure to do so was surprising.”

5 – The Jeep Hack – The IBM SecurityIntelligence website reported the Jeep hack a few years ago, saying, “It was just one, but it was enough. In July [2015], a team of researchers was able to take total control of a Jeep SUV using the vehicle’s CAN bus. By exploiting a firmware update vulnerability, they hijacked the vehicle over the Sprint cellular network and discovered they could make it speed up, slow down and even veer off the road. It’s proof of concept for emerging Internet of Things (IoT) hacks: While companies often ignore the security of peripheral devices or networks, the consequences can be disastrous.”

 

Knowing is half the battle: find out how secure your firmware really is.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
Follow
102 Followers
About Tactical Network Solutions
Are you concerned about risky, vulnerable embedded firmware in IoT devices, connected medical devices, automotive ECUs and industrial control systems? You're not alone. Since 2007, Fortune 500 companies and governments around the world have sought out Tactical Network Solutions for reverse engineering training programs, firmware evaluations, and cyber risk mitigation strategies. Clients are excited to leverage our automated firmware evaluations and consulting performed with the proprietary Centrifuge IoT Security Platform. The evals are completed with NO access to source code on compiled images containing a Linux-based root filesystem compiled for either MIPS, ARM, or X86. We also support QNX (a real-time operating system) and Docker containers. TNS evaluations have revealed thousands of hidden attack vectors including erroneously placed private crypto keys, insecure binaries with highly vulnerable function calls and other rampant security holes on embedded firmware. Our community of clients includes firmware developers, underwriters, law firms, governments and intelligence agencies worldwide who share a common goal: to discover hidden attack vectors in IoT and connected devices.
Promoted Content
TNS Issues a Sample IoT Security Report Showing Backdoors in a Connected Device
First, the good news: The extremely high number of connected devices rapidly coming to market has consumers and manufacturers excited. The new IoT devices often include advancements, more effective data collection and greater ease of use. Now, the bad news: When the devices are not built securely, they also bring unnecessary exposure, vulnerabilities, and danger.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel