In the world of technology, the term ‘Internet of Things‘, can be any natural or man-made object that has an assigned IP address and provides the ability to transfer data over a network. In terms of Security, ‘Internet of Things’ is a major concern as well as a priority, but organizational capabilities to address the concerns are not getting evolved as quickly as are affected products (IOT devices) or the concerns themselves i.e. the growing threats.
Daniel Markuson, the digital privacy expert at NordVPN says
“Things that were once the plot for a science fiction movie, such as household appliances being hacked and turned against humanity, now became a reality. IoT hacking can be extremely effective, producing DDoS attacks that can cripple our infrastructure, systems, and way of life,“
Past IoT Attacks
Experts say that security can be patchy for some IoT devices, especially low-cost low-powered items. Hackers can use technology to scan hundreds of thousands of devices for weak security, such as those with default passwords like “admin”, “guest” or “password”.
The likelihood of finding an IoT device that hasn’t been set up properly, or with a weak password is quite high, leading to a vulnerable space for the hacker to attack the system. Prior cyber attack on IoT has been proved to be a great loss by “Mirai botnet” in 2016, where thousands of cameras, routers and digital video recorders were used to bring down websites including Twitter and New York Times.
There are multiple vulnerable areas in IoT device security which are explained as below along with few breaches that have occurred earlier.
Vulnerability of all IoT systems: At times, researchers working to find a vulnerability might uncover multiple loopholes in the system unknowingly. This happened in Japan, where IoT security management was shaken by dummy attacks . These dummy attacks as suggested before the project came into action brought attackers attention to these vulnerabilities.
Beginning on February 20, CNN reported of the Japanese officials who started probing 200 million IP addresses linked to the country, sniffing out devices with poor or little security. Michael Gazeley, director of Hong Kong-based security firm Network Box, warned that while the intentions of the test were good, it could potentially backfire on users, by creating an easy attack vector for hackers. Thus this was a potential tracking system for hackers to get into IoT systems by the government.
Insecure Fax Machine and Printers: An organization having access to a Fax machine might also fear the sight of attackers irrespective of being a technical and non technical organization. Researchers from Check Point, caught hold of a vulnerability with Fax machines. They analyzed that fax machines have security vulnerabilities that could pave a way for hackers to steal data through a company’s network using just a phone line and a fax number. The researchers also demonstrated how they were able to exploit security flaws in a Hewlett Packard all-in-one printer at DEFCON 26 conference.
A report by “Global Print Security Landscape, 2019” stated that security research firms Quocirca, printers that are connected to an organization’s network, are the potential vector for cyber attacks. The report highlighted that 60 percent of businesses in the U.K., U.S., France, and Germany suffered a print-related data breach in 2019, which resulted in a data loss that cost companies an average of more than US$ 400,000.
Smart Home Hack: Smart home has been an upcoming technology for making life easy and organized. With this the home appliances and systems are remotely connected and monitored. Though this feature makes your day to day life much easier, yet it comes with a huge cost of security.
Fox6 reported in September 2019 a horrifying incident occurred, where a smart home setup for a Milwaukee-based couple was hacked by a malicious party. The attacker played disturbing music from the video system at high-volume while talking to them via a camera in the kitchen, and also changed the room temperature to 90 degrees Fahrenheit by exploiting the thermostat. This made the situation very scary for the residents, living in the fear that they are being eyed upon.
Also multiple reports have disclosed vulnerabilities in smart bulbs. According to a research expert at the University of Texas at San Antonio (UTSA), hackers can compromise infrared-enabled smart bulbs by sending commands via an infrared invisible light emitted from the bulbs to exploit other connected IoT devices existing on the home network.
Mobile microphones stealing passwords: While using your mobile devices, a user cannot believe that their actions can be used for unlocking their bank accounts and other details.
Researchers had designed a malware for academic purposes that can abuse a Smartphone’s microphone to capture the device’s passwords and codes. In their report, “Hearing Your Touch: A New Acoustic Side-Channel on Smartphone’s,” the researchers claimed that they’ve found the first acoustic side-channel attack that presents what users type on their touch-screen devices.This research by the experts once revealed to hackers can be duplicated in malicious ways.
#Baby Monitor hacked: Usually working couples feel relaxed with this technology of monitoring their baby from anywhere. A sense of relief when changed to a fear of their child’s security, makes the technology more of a boon. There have been incidents of hacked baby monitors, leading to bullying victims for their child’s security.
Late December 2018 news stated a baby monitor hacking where the third party got access to the baby monitor wireless system installed at a house. The hacker did not just commit cyber crime, but made this IoT attack a source of terrorizing parents of their child’s kidnapping.
Multiple other vulnerable situations on IoT’s have been reported in Finance monthly in 2019 like the Spying doll Cayla, Hackable medical devices and insecure home thermostat. These attacks bring a question of privacy to everyone considering technology a companion. If cameras and microphones are studded around your residential area or workplace, they are definitely watching and listening to you.
Everything in the IoT collects data which has a profound value, if not for an individual but for data analyzer and market trend readers. This data, if it gets in the hands of unauthorized party, can be used in various notorious ways to harass the victim.
In a recent study, researchers found that 72 of the 81 IoT devices they surveyed had shared data with a third party unrelated to the original manufacturer, making users’ information much more vulnerable.
Please contact LIFARS if any cybersecurity incident affects you, your family or your enterprise.