The IoT Attacks Everyone Should Know About
The innovations that IoT has brought into organizations and individuals’ everyday lives have experienced an upsurge in recent years. For example, walking through an automobile company’s assembly line will reveal intelligent technologies that execute serial or batch activities with minimal or no human supervision.
The UK-based online supermarket startup – Ocado and Amazon have both developed massive grocery sorting and delivery technologies based mainly on IoT. There are also household appliances and devices that can operate remotely. Good examples are surveillance cameras, lighting systems, automated driveways, sprinkler systems that wet the grass after analyzing the local weather forecast, smart microwaves ovens, and fully synced apartments.
Such smart devices with IoT capabilities require an active internet connection for optimum efficiency. However, connecting IoT devices to the internet exposes them to potential security threats common to every network device. The vast opportunity of connectivity that comes with internet access is almost always juxtaposed with security challenges. There are still people looking around for resources (both hard and soft) to exploit the internet. Hackers can use devices as harmless as dishwashers or thermostats as a vulnerable loophole on an otherwise secure network.
Are IoT Devices Vulnerable?
But, are IoT devices vulnerable, or are the claims of security breaches on them mere conspiracy theories to discourage technology lovers from adopting IoT? The history of security breaches on the internet highlighted in the next section and telltale pieces of evidence of IoT devices being regular suspects answers our questions.
Famous Examples of IoT Attacks
There are several cases of IoT attacks; these are a few of them to help create a clearer picture:
1. The Mirai Crackdown on Dyn
In the latter portion of 2016, hackers violated a prolific Domain Name Service provider’s computer network – Dyn. At the time, Dyn was the DNS provider for companies like Twitter, Netflix, Reddit, CNN, and The Guardian. The DDoS attack was carried out by hackers recruited about 600,000 IoT devices and other computers, having taken remote control using a malware named Mirai.
The Mirai botnet attack crippled Dyn for several hours by overwhelming the company’s network resources.
2. Hijacked SUVs
The hack, in this case, was merely a simulation, but a hack worthy of concern. A group of researchers, in 2015, exploited a firmware update vulnerability of a Jeep SUV via a mobile phone network. After gaining access to the vehicle’s data bus, the researchers could slow down, stop, and swerve the car off the road.
3. Literal Heart Attacks
Advances in medical science have made it possible for individuals who have had heart procedures and pacemakers or defibrillators implanted to supplement their weak hearts. The US Food and Drug Administration (FDA) confirmed vulnerabilities in the cardiac devices that could make it possible to render them inactive or malfunction under the influence of a hacker’s tweak. The FDA made this discovery particularly concerning heart implants used on patients at a particular hospital.
4. Thermo-access to a Casino
Another widely reported IoT vulnerability case was perpetrated by a group of hackers who found a security loophole in the form of a thermometer installed in the casino’s aquarium. After gaining access to the casino’s network, the group successfully laid hands on the establishment’s sensitive data.
5. The Big Brother Access
Like George Orwell’s Big Brother, several internet-connected cameras are accessible to hackers who know the right holes to dig. CNN managed to prove how vulnerable these devices can be by using Shodan, an IoT search engine. Using Shodan, the private news company broadcasted live feeds from the cameras of random people worldwide, probably without being aware of their exposure.
Causes of IoT Security Vulnerability
The advent of IoT technologies is still in its prime years and is yet to address some critical issues in its adoption. Yes, IoT devices can be beneficial, but innovators are even more concerned with the functional stability of the devices before addressing the burgeoning daily reports of security vulnerability.
Below are some of the crucial factors that have made the security threats experienced with IoT devices to linger.
1. Breaching IoT Devices by Exploiting User Ignorance or Carelessness
When it comes to protecting yourself against viruses attacking your PC’s operating system or cascading your online footprint while using public Wi-Fi, the average user of such technologies is quite informed. But when it comes to newer technologies like IoT devices, users are more concerned about checking the weather forecast on the GUI of their new refrigerator than concerning themselves with its security. “What risk could a refrigerator possibly have?” is a reasonable question to come to the average user’s mind.
In some cases, users of IoT technologies are outrightly ignorant of the implications of a breach in their devices’ security. Handling unwanted spam in the email inbox is not a problem. Still, a random survey of IoT device users would reveal that they do not understand the rudiments of securing these easily penetrable technologies. Some hackers only access a previously secure IoT device after making the user open a loophole through social engineering.
2. Security Vulnerability after Major Attacks
After every significant botnet attack that rocks the internet, technology manufacturers should naturally update devices with security-centered patches. However, the frequency of attacks across the internet makes security updates tiring. And unfortunately, hackers’ meticulous effort leaves a vulnerable loophole after every episode, which is often exploited repeatedly when not addressed promptly.
Another major challenge when updating IoT devices is that most of such patches are installed automatically, without requiring technical assistance. More often than not, the IoT device backups its documents by uploading them to the cloud and experiences a brief downtime while trying to restart or reconfigure its settings. Such periods could be exploited by hackers, notably when the internet connection is not encrypted.
3. Device Exposure Due to Manufacturers’ Non-Compliance with Security Standards
As mentioned earlier, manufacturers are more concerned and preoccupied with satisfying their consumers’ functional needs and are churning out glamorous and innovative devices without assessing the potential security loopholes that come with them. This revelation implies that with every new IoT device in the market, a new loophole for hackers to exploit arrives.
Manufacturers are still up and about flexing innovation muscles, and still lacking is a consensus on the security standards to follow. Having a rallying ground similar to that which open access technologies offer for IoT security will eliminate many of the increasing challenges ascribed to them. But alas, manufacturers are out to get the largest market share by dazzling consumers with devices with improved functionality but lacking security.
4. Physical Vulnerability of IoT Devices
The functionality of most IoT devices involves their operability with no human control after installation. For example, Ocado’s automated warehouses, which span a physical space equating about two standard football fields, are manned mostly by IoT powered robots and just a couple of human employees. However, anyone can easily hijack IoT devices installed in remote locations without any form of human surveillance by installing malware, using available ports on the device. For example, CCTV cameras could be easily tampered with or even used as an access point into an otherwise secured network.
For example, physical access to just one of Ocado’s grocery sorting robots could lead to compromise of the security of all the company’s warehouses across the world, that is, if they have a shared network.
5. Ease of Recruitment into Botnets
Due to the necessity of intermittently updating security patches, IoTs have become devices of easy virtue with hackers. Before initiating a botnet attack, hackers build their botnet army by installing malware on vulnerable devices via one of several means. Afterward, the compromised devices get a Handler, usually a controller server, which then utilizes them to execute a coordinated DDoS attack on an earmarked internet user.
Also, due to the increased popularity of IoT devices on sensitive systems, it becomes possible for hackers to sabotage essential facilities like the power grid, heating system, or traffic control.
6. Manipulation of IoT Devices into Spy-Ware
Imagine a hacker who has gotten access to your child’s babycam sending footage while you are away on a business trip. Such persons could exploit the situation by asking for a ransom as a return for preserving your family’s privacy. The technical teams of the central security units of technologically capable nations are likely to utilize IoT devices for spying on other people.
Conclusion — Keeping Safe While Using Smart Devices
Security should be a big concern when acquiring an IoT device as there are some vulnerabilities that hackers could exploit. If it so happens that it becomes expedient that you acquire an IoT device, before deploying for active use, remember to change the default username and password. Read the manufacturers’ manual to understand the steps involved in updating the device’s firmware. The updates will keep you safe from threats that could spring up from holes that have been successfully plugged by the manufacturer’s security team.