https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


Thinkstock

hacker's laptop

Botnet attacks and data breaches among top IoT hacking risks

By now you have heard that IoT security is a problem. But what are the most-troublesome vulnerabilities?
  • Written by Michal Sal
  • 10th August 2017

Two U.S. senators, Mark Warner (R-Va.) and Cory Gardner (D-Colo.), just debuted a measure known as the Internet of Things Cybersecurity Improvement Act of 2017 that aims to “provide minimal cybersecurity operational standards for Internet-connected devices purchased by Federal agencies, and for other purposes.”

It’s telling that two politicians would take an interest in IoT hacking, which can include breaches of everything from IP cameras to fitness watches to thermostats. While such devices are designed to make our lives more convenient, the senators and a growing number of people are beginning to wonder: what happens when they turn bad? These seemingly innocent devices, which many of us have welcomed into our lives, can be unwillingly infected or hacked and thus join the dark side.

Robot + network = botnet attack

IoT devices can be forced to become bots that blindly follow commands to commit crimes as part of a botnet attack. A network of hacked devices, botnets are like zombie armies that perform tasks like carrying out DDoS attacks, Bitcoin mining and spreading spam emails. Pretty much any device connected to the internet can be infected and become part of a botnet. Hackers often recruit IoT devices to become bots because they frequently have weak security.

At the moment, cybercriminals mostly use botnets to carry out DDoS attacks and to mine for cryptocurrencies (which we have even seen run on DVRs), but they are capable of making hundreds of thousands of IoT devices do much more. Botnet attacks can send spam messages, ranging from phishing emails that contain malware that can lead to password or financial theft, to pump and dump schemes advertising stock from targeted companies. Botnets can also carry out click-jacking campaigns, distribute fake advertisements, and even worse, infect other IoT devices.

Dark things hide in dark places

You can find botnet attacks and other IoT hacking tools on darknet marketplaces. They are available to rent, or botnet source code can be purchased or even be had for free, such as with the Mirai botnet. The price tag for botnets for sale ranges from tens and hundreds of dollars per botnet, depending on the type of service, the amount of bots and devices available to use and, in the case of DDoS, the strength and duration of the attack.

[IoT Security Summit, co-located with Blockchain360 and Cloud Security Summit, explores how industry-wide security, privacy and trust can be established to unlock the full potential of IoT. Get your ticket now.]

Thanks to the competitive nature of the darknet, some botnets compete against one another. If an IoT device is already infected, another botnet can attempt to replace the infection with its code and in some cases also “repair” the security vulnerability used by the previous botnet to prevent re-infection and persist its position on the vulnerable device.

IoT devices turning bad can affect any of us

At the moment, IoT devices performing tasks as a botnet may not seem too critical, but what can happen if cybercriminals decide to go a step further?

We already know that it is possible to infect entire IoT networks by first infecting a single device. Proof-of-concept attacks demonstrate that this approach works. In one example, researchers modified the firmware of a smart light bulb and then altered the firmware of neighboring bulbs. In another example, researcher Cesar Cerrudo proved that he could hack a vehicle traffic control system to change traffic flow. In his 2015 Defcon presentation, Cesar explained that he could infect traffic sensors located in streets with a firmware update worm, which could then further infect other sensors.

These proof-of-concept attacks may seem innocent until we consider that smart cities in development now aim to be thoroughly connected in a few years. If these IoT devices and systems aren’t properly secured, hackers, nation states and even terrorists could gain control of them and cause complete chaos in cities, by controlling all the lights or traffic flow, just to name two examples.

In addition to IoT devices being hacked to carry out attacks on cities, we could see IoT devices be the next targets for ransomware attacks. When ransomware infected the computer system of an Austrian Hotel in February, guests were locked out of their rooms. The hackers behind the attack infected the same computer system also used to program electronic key cards for the hotel. It’s likely we’ll see other similar attacks that could target everything from high-profile individuals to industrial facilities to your smart thermostat. If your thermostat was infected with ransomware in the dead of winter, wouldn’t you pay up to pay up to be able to turn the heat back on?

I(oT) spy with my little eye: your personal data

A neglected risk when it comes to IoT devices is the possibility of personal data leakage as well as the tracking of movement of devices. Think about how much information an IoT device can collect: webcams can see whatever they are pointed at, smart TVs and personal assistants can pick up sound, smart factories gather company secrets, and smart cars and smart thermostats can give clues to whether or not someone is home.

The amount of data an IoT device collects depends on the device, but the subject of how that data is used and stored is up to the manufacturers. The trend today is to save seemingly everything in the cloud, and that applies to many IoT devices as well. Commands sent to an IoT device via a mobile phone can travel halfway around the world and go through several servers before an action is carried out. This information could be intercepted or rerouted to a malicious server, and be abused if not properly secured. Furthermore, hackers can breach data stored by manufacturers to collect a massive amount of personal information. Depending on the device, that data can include, for example, type of device, IP address, other devices connected to the network, location and more.

Cybercriminals, of course, don’t need to hack into a company’s server to gather information about you, they can go directly to the source instead. There are IoT search engines where one can find an enormous amount of vulnerable IP cameras that can be tapped into by just about anyone. These cameras are in stores, factories, warehouses, parking lots, but also in houses, garages, bedrooms and living rooms. People who use these “public” cameras don’t have the slightest suspicion that others may be watching their every move.

Imagine if a hacker gained access to all or most of the IoT devices in someone’s home. They could track their movement, listen to private conversations to then carry out a targeted attack against members of the household, or sell the information they collect on the darknet for others to abuse.

Growing numbers of IoT devices heightens the risks

The total amount of IoT devices is rapidly increasing, and it’s hard to predict what other commonly used things will become part of the wild IoT world. As the number of smart devices increases, so does the volume of possible IoT hacking exploits. Many IoT devices are essentially miniature computers connected to the public-facing internet or other networks with their own operating systems and the ability to perform quite complex computational operations, making them more powerful than we sometimes think, opening up more possibilities for criminals exploiting them.

The more we surround ourselves with IoT devices, the more motivation cybercriminals will have to target them. We can all imagine how hackers could abuse individual smart devices and the major problems that could occur if manufacturers do not begin to pay attention to securing their products. The IoT sector is still relatively young, and we hope that over time, we will reach a point where connected device security will dramatically improve. For the time being, however, you best keep a close eye on them.

Tags: Article Security Technologies

Related


  • Industrial safety
    In Industrial Realm, Trustworthy Software Means Safety
    Trustworthy software requires significant initial planning and a long-term perspective. 
  • 3d rendering of human brain on technology background
    AI Ups the Ante for IoT Cybersecurity
    Security providers in IT and OT have implemented AI, ML and other advanced technologies to make systems smarter than malicious attackers.
  • IoT security
    Dell Sells RSA Security for More Than $2 Billion
    Dell announced that it will sell RSA Security for more than $2 billion and pursue its own security strategy with greater focus.
  • LYNX MOSA.ic™ Avionic Platform (Advantage w/ Intel)
    Accelerate development and certification of mission-critical software systems by utilizing the unique capabilities of Intel virtualization-enabled CPUs. Brochure discusses features and benefits of using a modular development framework when designing, developing, certifying, deploying, and maintaining complex robust systems needing certification. Unleash the performance of Intel CPUs with a full featured, safety-certifiable platform Reduce NRE costs […]

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Five Principles in a Zero-Trust Security Approach to IoT
  • Protecting Your Network Against Ripple20 Vulnerabilities
  • Cybersecurity Crisis Management During the Coronavirus Pandemic
  • COVID-19 Driving Data Integration Projects in IoT

News

View all

Private LTE Market Projected to Grow to $13 Billion

12th January 2021

IoT World Announces 2021 IoT World Advisory Board

9th December 2020

White Papers

View all

The eSIM Cookbook – Towards the Next Generation of Connected Devices

22nd February 2021

eSIM Delivers Greater Freedom for OEMs – by Beecham Research and Truphone

22nd February 2021

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

Weber’s Journey: How a Top Grill Maker Serves Up Connected Cooking

25th February 2021

From Insights to Action: Best Practices for Implementing Connected Device Security

15th December 2020

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

IoT at the Edge

17th March 2021

Embedded IoT World 2021

28th April 2021 - 29th April 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

📢 Announcing #EIOTWORLD sponsor, @aicas_IoT — a flexible, more efficient approach to embedded realtime application… twitter.com/i/web/status/1…

4th March 2021
IoTWorldToday, IoTWorldSeries

Microsoft Ignite 2021: Innovation in COVID-19 Era Signals Future Trends dlvr.it/RtwYcg

4th March 2021
IoTWorldToday, IoTWorldSeries

At Microsoft Ignite: How IoT and Robotics Are Driving Industry 4.0 dlvr.it/Rttgwj

3rd March 2021
IoTWorldToday, IoTWorldSeries

🎙️ Introducing #EIOTWORLD speaker, Obinna Ilochonwu, Industrial IoT Architect at Schlumberger. 📅 Join his session… twitter.com/i/web/status/1…

2nd March 2021
IoTWorldToday, IoTWorldSeries

#Smartbuilding technology lays the foundation for #energyefficiency efforts but also new COVID-19 goals, such as… twitter.com/i/web/status/1…

2nd March 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X