7 Scary Internet of Things Hacks and Exploits That Really Happened
By Bertel King, Jr., Make Use Of, 26 February 2019.
By Bertel King, Jr., Make Use Of, 26 February 2019.
The Internet of Things (IoT for short) offers up an interconnected world of wireless devices. Manufacturers and retailers are quick to tout the convenience of controlling your home, your car, medical devices, and toys from a smartphone or computer.
But they’re less keen on disclosing the side effects. Here’s a rundown of several frightening incidents that were made possible by internet-connected devices.
1. Camera Delivers False Nuclear Missile Alert
One minute you’re watching football. The next, an emergency broadcast warns of intercontinental ballistics missiles heading to three different parts of the country. The TV never stops showing the game, and according to the news, nothing is going on. Your kid hides under the rug, terrified, while you and your spouse try to figure out what’s going on.
This happened to a family living in Orinda, California. The culprit? The Nest security camera sitting above their TV. Someone gained access to the device’s login credentials and decided to play a prank. Laura Lyons described the incident as “five minutes of sheer terror” to the Mercury News.
Reported incidents of such pranks have grown as people purchase Wi-Fi-enabled cameras from Nest and other companies. A Houston couple reportedly heard a voice in their infant’s room threaten to kidnap their child.
2. IoT-Powered Botnet Takes Down the Web
Sometimes when you can’t access a website, it’s because someone screwed up somewhere. Other times, it’s because the site is suffering from a distributed denial of service (DDoS) attack. A powerful device, or a network of devices, is hitting the site with more traffic than it can handle.
Toward the end of 2016, a massive DDoS attack targeted systems operated by the Domain Network System provider Dyn [pictured above]. Dyn’s job was to connect the web address you enter into your web browser with the IP address that points to a website.
With DNS functionality blocked, users couldn’t access dozens of high profile sites such as Amazon, GitHub, Netflix, Twitter, and Zillow. Wanted to know what was going on? You couldn’t visit the BBC, CNN, or Fox News sites either.
At the time, this was the largest DDoS on record. The culprit was a giant botnet of IoT devices that were infected with the Mirai malware. That’s right, you don’t have to own a single IoT device for their poor security to cause you problems.
3. Light Bulb Shares Your Wi-Fi Password
IoT devices seem simple. That’s part of their selling point: simplify your life by purchasing a product that’s easier to manage. But in order to connect to the internet, these products must have all the necessary code, just like a regular computer.
The thing is, while your laptop operating system goes through some effort to protect your data, the code on most IoT devices does not.
As Limited Results discovered, a white LIFX Mini light bulb doesn’t make any effort to shield the Wi-Fi network and password you provided during setup. Instead, it saves the data in plaintext (the format a text editor uses, such as Microsoft Notepad).
Anyone who finds the bulb in the trash or steals one from an outdoor light fixture can gain access to your home network.
4. Thermometer Shares Casino’s Customer Data
When you run a business, you not only have to protect your own data, you have to safeguard your customers’ data as well.
In 2018, a casino suffered a database breach from an unexpected location. According to a Business Insider report, hackers managed to gain access to the casino’s network via a smart thermometer that monitored the water of an aquarium in the lobby.
Once the hackers gained access to the network, they found the high-roller database and uploaded the data back out via the thermometer’s cloud connection. This database showed who were the biggest spenders and other private details.
5. Smart Speaker Records Private Conversation
A few years ago, smart speakers were a novel concept. Now Amazon Echo, Google Home, and Apple HomePod devices sit on shelves in homes all over the world.
These devices provide similar functionality. They give owners the ability to get weather reports, seek out factual information, play music, and control parts of their home. You interact with these gadgets using your voice.
To detect your voice, these devices have to listen constantly. Companies promise privacy, but there have been multiple instances of speakers recording and uploading private conversations.
In one such instance, a Seattle-area news station covered a woman in Portland who received a phone call from a random phone contact who was being sent a recording from her Amazon Echo.
6. Implanted Cardiac Devices Could Have Been Hacked
This one is frightening not for what happened, but what could have happened. In 2017 the FDA confirmed that St. Jude’s implantable cardiac devices had vulnerabilities that could have been hacked. As CNN reported, the problem resided in the transmitter that remotely shared the device’s data with physicians.
If a hacker exploited the vulnerability and gained access to the device, they could deplete the battery, change the pacing, or administer shocks. Devices intended to prevent heart attacks could make matters worse.
Fortunately St. Jude released a patch. Still, as long as devices remain connected to a network, the risk exists. When it comes to heart-related devices, the stakes are particularly high.
7. Hackers Take Control of a Jeep
When you buy a new car, internet connectivity is often one of the touted features. Your car can download maps, stream music, or serve as a hotspot for the other devices in your vehicle.
Unfortunately, car companies either don’t know how to secure their vehicles or or don’t care enough to invest the necessary funds. Either way, your life is left at risk.
Hackers showed a Wired reporter how it was possible to take control of parts of a Jeep remotely. They weren’t limited to the obvious internet-related functionality, either. From the comfort of their computers, they could disable the vehicle’s brakes.
More IoT Hacks Are Likely in the Future
In the coming years, the number of internet connected devices is expected to grow by the billions. As more devices with poor security enter the wild, you can expect more people to take advantage of them.
The situation has gotten so bad that the Japanese government is willing to hack its own citizens to alert them to the gravity of the situation. In February 2019, the country began probing 200 million IP addresses in search for devices in the country with little to no security.
Topics like the Internet of Things can be tough to wrap your head around. The easiest way to stay safe is to avoid gadgets that call themselves “smart” and learn more about what the Internet of Things actually is.