Weirdest and Wildest IoT Hacks

attack IoT devices

The Internet of Things is consistently growing; by some estimates, 127 new smart devices are connected to the internet with each passing tick of the clock. It’s perhaps unsurprising, then, that there are significant concerns about our ability to keep up with securing and protecting these devices.

Internet of Things security is an emerging issue as cybercriminals continue to come up with new and inventive ways of accessing connected gadgets. Whether you have just installed your first smart security camera or are a seasoned IoT veteren, it’s important that you remain up to date with the latest (and wildest) threats.

The IoT explained

If you haven’t ever heard the term before, you might be wondering; what is the Internet of Things? Broadly defined, the term ‘Internet of Things’ refers to every device that is connected to the internet. However, laptops, smartphones, and tablets tend to be excluded from this grouping. The other defining factor of IoT devices is their ability to ‘talk’ to one another or exchange data.

This exchange of data — whether it be location, heart rate or sleeping patterns — allows devices to create a personalised user experience. A common example of an IoT gadget is the Google Nest. Voice recognition technology allows the user to access the day’s top headlines, control connected smart home devices, and stream security camera footage, all through the power of their speech.

Used in a personal setting, IoT devices offer convenience and can save you time around the home. Businesses are also rapidly adopting the technology, finding that it boosts employee efficiency, improves customer experience, and creates new and innovative expansion opportunities.

Given the prevalence of the IoT (Statistica estimates that by 2025, there will be over 38.6 billion connected devices), it is likely that you routinely engage with the Internet of Things.

IoT security concerns

The prevalence of cybercrime means that online security should always be a top priority. This is particularly true of IoT users, who are effectively giving away hordes of personal data for free. A smart watch can store your location, health status, food intake, and sleep movement. Depending on what types of apps you have downloaded, your smart wearable may also contain information from your social media accounts, emails, and text messages.

You might feel that these are the kinds of details that your smartphone tracks anyway, which is partly true. The difference between the two devices is the level of inbuilt security. While smartphones are generally able to recognise and defend against common threats, smart watches (and other IoT devices) do not necessarily have the same capabilities.

There is also the question of data storage security. Not all IoT manufacturers understand the responsibilities they hold to their customers or are aware of the types of cyberthreats that are out there.

Time and time again, Internet of Things security concerns have proven to be legitimate. Hackers see these devices as prime opportunities to infiltrate homes and businesses, stealing data and generating serious damage.

Hacks you should know about

Luckily, standard Internet of Things security protocols are becoming more widespread and better understood. Still, it can pay to take a look back at the weirdest and wildest IoT hacks of all time so that we can better understand the actions of online criminals.

Ocean’s 11: The IoT edition

It might sound like something out of an action movie but in 2017, cybercriminals hacked into a casino’s aquarium with the aim of stealing company data. They ultimately succeeded, with almost 10 gigabytes sent to a remote server in Finland before an online security company realised what was going on.

The temperature, salinity, and feeding cycle of the high-tech aquarium — which had only just been installed by the casino — could be controlled remotely through an internet connection. This unsecured network provided a gateway into the casino’s internal servers and private data.

Botnet breaks the internet

A botnet is a collection of connected devices, which can be controlled to carry out actions en masse. These actions tend to be malicious and usually involve spreading viruses and malware. The world’s first botnet was built back in 2000 and sent over 1.25 million spam emails.

Since then, botnets have wreaked worldwide havoc — none more so than the 2016 Mirai attack. While botnets usually recruit PCs and laptops to carry out their work, the cybercriminals behind Mirai decided to target IoT devices that were tied to unsecure networks and protected only via weak username/password combinations. The Mirai hackers used a DDoS attack (Distributed Denial of Service), originally with the aim of crashing Minecraft servers but ultimately shutting down much of the internet on the east coast of the U.S.

Hackable hearts

Fuelled by the innovative capabilities of the IoT, the medical device industry has undergone tremendous growth over the past decade. Unfortunately, vulnerabilities in device security have the potential to put real lives at risk.

In 2017, the FDA recalled over 500,000 pacemakers due to fears that lax security protocols could endanger patient health. With the right technology, hackers could potentially run down the batteries of these devices or even alter a person’s heartbeat.

Removing a pacemaker is a difficult procedure and so the manufacturing company instead opted to install a security patch to update the firmware. Luckily, no deaths were reported from this IoT vulnerability.

International doll of espionage

Gone are the days of wooden blocks and rocking horses; children now have access to a wide range of interactive toys that are designed to both inspire creativity and educate.

IoT technology is a recent addition to children’s toys but not all parents are pleased. In Germany, a doll known as ‘My Friend Cayla’ was banned in 2017 by the country’s Federal Network Agency, who declared the toy an ‘illegal spying device’.

‘My Friend Cayla’ was a very popular toy that used Bluetooth and internet connectivity to respond to a child’s questions in real time. Cybersecurity experts worried that hackers could potentially access unsecured servers and learn private information that children had shared with their toy. Complaints were also raised across the US and EU.

As you can tell, keeping up with these cybercriminals will require a combination of knowledge, quick wit and ideally, trustworthy security software. Internet of Things security can be achieved, as long as we stay one step ahead of the hackers.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, She was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.