The internet of things (IoT) is a growing network of interconnected devices. It is hoped that one day most or all of the electronic gadgets around us will be able to communicate with one another. However, a number of infamous hacks directed against IoT demonstrates terrifying vulnerabilities of these devices.
The following six hacks are of particular concern for both businesses and individual users.
CloudPets are the internet-connected toys that allow parents and children to exchange audio messages with one another. While being extremely fun and convenient, these popular toys are a dangerous threat to children privacy as a major vulnerability was found in these devices.
The vulnerability was discovered by a security researcher, Troy Hunt who found that the devices were storing the email addresses and passwords of their owners unencrypted, so anyone who had access to them could read this sensitive information.
Not only login credentials, but also the voice messages of kids and their parents were left in a vulnerable state where an attacker could easily access them.
Also See: Why Ransomware Will be the Biggest Cyberwar Threat in 2019?
-
Owlet Wi-Fi Baby Heart Monitor
This simple device was supposed to give parents peace of mind by making it easy to monitor their baby’s heartbeat. The devices were designed to be worn in a sock and to transmit the data they recorded to a nearby smartphone.
This means that parents could receive alerts if the device detected any abnormalities in the baby’s heartbeat.
However, researchers discovered that these innocent gadgets were broadcasting their data in an unencrypted format, requiring no authentication to access it. This made it very easy for malicious actors to access the system, send fake alerts, and steal users’ data.
This is perhaps the most infamous IoT attack to this day, named after the virus that was used to infect users’ machines. The Mirai botnet was able to spread globally; once the virus infected one device, it would connect to the internet and begin looking for other devices that were vulnerable to the same exploit. Once it found one, it would use the default login credentials to access the device and repeat the process.
The tech services company Dyn took the brunt of the resultant DDoS attack, which brought large parts of the internet down for some time. Some of the largest websites, such as Reddit, Twitter, and Facebook were also affected.
This hack demonstrates the importance of taking basic security measures to ensure the protection of IoT devices.
Whether at home or in at your workplace, installing a router-level VPN will ensure that all your outgoing internet communications are securely encrypted, making it much more difficult for an attacker to infect your devices and involve them in a botnet.
One of the more alarming demonstrations of IoT vulnerability occurred in 2016 when a team of security researchers demonstrated how a hacker could access and control of a Jeep vehicle remotely.
They were able to take complete control of the vehicle’s systems, allowing them to steer it, adjust its speed, and even make the vehicle stop.
The demonstration caused a storm in the cybersecurity industry and led to numerous car manufacturers issuing patches and security updates for their in-vehicle software.
-
Devil’s Ivy/Rube-Goldberg Attack
This attack is named after the vulnerability it managed to exploit and gain control of connected devices.
The first stage of the attack involves targeting a security camera with a known vulnerability. Once a vulnerable camera connects to the unprotected wireless network, the attackers then use the exploit to perform a factory reset on the camera, which gives them root access of the device.
Once the attack is complete, the attackers can then view the camera’s video feed. Not only this allows them to invade user’s privacy, but also watch employees entering security codes and login credentials of their sensitive work accounts.
-
St. Jude Wireless Pacemakers
The IoT can offer a lot to the medical sector by helping professionals perform their daily tasks and complex operations. For example, St. Jude is a medical device company that, among other devices, also produces wireless pacemakers. These devices transmit information about the patient’s heart condition back to their physician.
They also allow the physician to make adjustments to the pacemaker’s settings remotely.
Unfortunately, security researchers discovered that they could access the pacemaker’s wireless transmitter with relative ease. This then allowed them to intercept data, and even issue commands to the device.
As this security vulnerability could have fatal consequences, it was reprimanded by the FDA.
The internet of things could one day revolutionize the way we use devices around us. However, if the IoT is ever to achieve its goals, we need to start taking security much more seriously.
Tips to Prevent virus and malware from Infecting Your System:
- Enable your popup blocker: Pop-ups and ads on the websites are the most adoptable tactic used by cybercriminals or developers with the core intention to spread malicious programs.
So, avoid clicking uncertain sites, software offers, pop-ups etc. and Install a powerful ad- blocker for Chrome, Mozilla, and IE
- Keep your Windows Updated: To avoid such infections, we recommend that you should always keep your system updated through automatic windows update.By doing this you can keep your device free from virus.According to the survey, outdated/older versions of Windows operating system are an easy target.
- Third-party installation: Try to avoid freeware download websites as they usually install bundled of software with any installer or stub file.
- Regular Backup: Regular and periodical backup helps you to keep your data safe in case the system is infected by any kind of virus or any other infection.Thus always backup important files regularly on a cloud drive or an external hard drive.
- Always have an Anti-Virus: Precaution is better than cure. We recommend that you install an antivirus like ITL Total Security or a good Malware Removal Tool like Download Virus RemovalTool
