https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/IoTWorldToday-mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Thinkstock

Hacking

Forget Stuxnet, Even Simple IoT Hacking Can Disrupt

While advanced attacks like Stuxnet and BlackEnergy often get mentioned in IoT-hacking contexts, relatively simple attacks can cause outsized damage.
  • Written by Brian Buntz
  • 11th May 2018

Is the proliferation of the Internet of Things increasing the risk of a “Cyber Pearl Harbor,” a term coined in 2012 by then U.S. Defense Secretary Leon E. Panetta? Maybe. There are undoubtedly ominous warnings that cybercriminals are setting their sights on vulnerable targets such as critical infrastructure. In addition, cyberwarfare has become a high priority for nations across the globe.

Many cyberattacks from nation states and other threat actors seem designed out of schadenfreude: to annoy, disrupt or line the pockets of the perpetrators involved (at their owners’ expense) rather than destroy their targets. There are, of course, seeming exceptions. For instance, a hacker going by the name of “Janitor” sought to render numerous unsecured IoT devices either unusable or in need of a firmware install with his BrickerBot malware. Ultimately, Janitor claimed 10 million IoT devices that were retired after being hit with IoT hacking malcode. But the stated purpose of BrickerBot was to make unsecured IoT devices unusable, so they can’t be targeted in botnets or hit with other malware. It wasn’t to destroy for the sake of destruction.

While IoT opens up new possibilities of attacks — which can influence the physical world and cause safety problems in some cases, most IoT hacks are more likely to annoy than destroy. While hackers could very well take down, say, a power plant or an airport, “it is quite difficult today to create massive damage to a power plant or some other type of critical infrastructure,” said Yotam Gutman, vice president of marketing at SecuriThings. But as the number of connected devices grows, so do the risks of damaging IoT-based attacks. Here, Gutman provides a glimpse of some of the attacks that may be lurking around the corner.

IoT-Based Psychological Warfare

In an Internet of Things context, the risk of disinformation campaigns has received relatively little attention. While “fake news” has become a mainstream term since the last U.S. presidential election, propaganda campaigns don’t necessarily require social media to be effective. “What if Nazi Germany had been able to broadcast in English to create psychological leverage on the civilian population?” Gutman said. “Today nation states and even hacktivists could use smart devices for disinformation campaigns.” Threat actors could target an array of devices, ranging from smart TVs to internet-connected signs in public areas, and use them to display inaccurate or offensive information. Already, terrorists have been targeting WhatsApp and Facebook groups for such purposes. “This is a tactic that we know is effective,” Gutman said. “Smart devices could be just another vehicle for them to change public perception.”

Grid Manipulation Attacks

Yes, hackers are ramping up their efforts to target utilities and even nuclear power plants. But the Internet of Things opens up an array of possible attack vectors that could interfere with utilities indirectly. Making an army of IoT devices mine cryptocurrency could cause a significant spike in energy use while earning money for the hackers involved.

But even the comparatively simple act of merely turning on scores of devices at the same time could incite chaos. A hacker with control over a smart thermostat located across a geographical area could turn on air-conditioning units during a heat wave, prompting brownouts or blackouts.

Even turning on hundreds or thousands of devices using relatively little power individually could be disruptive — which has been a well-understood phenomenon for decades. In the United Kingdom, there is even a phenomenon known as “TV pickup” to refer to a surge in power from boiling tea kettles and electric appliances during commercial breaks. “It’s technically doable to do the same sort of thing with IoT devices,” Gutman said.

Cybercriminals could also target a range of IoT devices in a single building. “You could cause problems with load balancing and, if they have a transformer, it could either shut down or catch fire,” Gutman added.

Targeting Water Infrastructure

Water treatment facilities are susceptible to a range of IoT-related attacks. But while the prospect of a large-scale attack on water infrastructure may get attention at cybersecurity events, even relatively simple attacks can cause significant damage.

[Internet of Things World addresses the security concerns for IoT implementation in every vertical, attracting senior security professionals from the world’s biggest organizations. Get your tickets and free expo passes now.]

In 2000, an Australian man, Vitek Boden, was angered after a local city council rejected his job application. He responded by launching an attack manipulating Wi-Fi-connected sewage pumps, reversing their direction of operation. As a result, millions of liters of raw sewage contaminated the region’s parks, rivers and the property of a nearby Hyatt Regency. “Marine life died, the creek water turned black and the stench was unbearable for residents,” Janelle Bryant of the Australian Environmental Protection Agency told The Register. “Roughly a decade before Stuxnet, this was the first recorded incident of cyberattack in the physical domain,” Gutman said. Even today, attackers could cause significant damage using similar tactics without having to penetrate robust IT or OT networks.

Hacking Connected Cars, Indirectly

From a cybersecurity standpoint, one of the first things most people think about when thinking about connected and autonomous vehicles is: “How vulnerable are they to cyberattacks?” While that is a valid question, a topic receiving less attention is: “How susceptible are the devices they connect to?” “We shouldn’t forget that autonomous vehicles will constantly communicate with their surroundings,” Gutman said. There will likely be a variety of devices — traffic lights, kiosks, etc. that use M2M communication with vehicles as they pass by. “I dare say that these devices will be significantly less secure than the vehicles themselves,” Gutman said. It will likely be easier for hackers to target, say, a traffic light than the car itself. “You could change the traffic light to cause a car crash or make the lights turn red to cause a massive traffic jam.”

“In a way, this is almost like trolling,” Gutman said. “When everything is ‘smart,’ you can cause a security disturbance that requires a human operator to override what you did.”

Tags: Article Security Technologies

Related Content


  • Caltech campus
    Robots Could Gain Sense of Touch, With New Artificial Skin
    New design can help businesses determine the presence of hazardous materials, offer greater safety for workers
  • Clearview AI Fined $9.4M Over Facial Data Scraping
    The company was ordered to delete any data it held on U.K. citizens.
  • Microsoft Ramping up Cybersecurity Service Offerings
    Three new managed services will boost the company’s presence in the security space
  • IoT Product Roundup
    IoT Product Roundup: PTC, Nokia, Arm and More
    All the latest Internet of Things products

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest News

  • Spot the Robot Dog Helps Police Ahead of Boston’s Fourth of July Celebration
  • Unmanned Robotic Combat Vehicle Being Tested
  • Image shows a Close up of lens on black background
    Carnegie Mellon Researchers Invent System to Find Hidden Cameras
  • STMicroelectronics
    STMicroelectronics, Microsoft Partner to Develop IoT Security Solutions

Roundups

View all

IoT Product Roundup: Canonical, InfluxData, Wiliot and More

23rd June 2022

IoT Product Roundup: Cisco, Telit, Draganfly and More

9th June 2022

IoT Deals, Partnerships Roundup: Google, Arm, Senet and More

26th May 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Image Shows John Lewis' Barry Panai at AI Summit London 2022

AI Summit 2022: John Lewis’ Barry Panayi on AI in Retail

Panayi talks about data and AI in retail and how individuals and the technology can work together

AI Summit 2022: easyJet’s Ben Dias on AI in Aerospace

The company’s director of data science and analytics talks about the industry’s use of AI.

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

Spot the Robot Dog Helps Police Ahead of Boston’s Fourth of July Celebration dlvr.it/STKWjb https://t.co/LdRg7a2xqU

4th July 2022
IoTWorldToday, IoTWorldSeries

Another 59,000 @Teslas being recalled over a software glitch affecting the vehicle’s Emergency Call safety system… twitter.com/i/web/status/1…

4th July 2022
IoTWorldToday, IoTWorldSeries

Join us in the premier #tech destination of #Austin this November 2-3 for our next #IoT event. Connect and collabo… twitter.com/i/web/status/1…

4th July 2022
IoTWorldToday, IoTWorldSeries

SoftBank, May Mobility Team on Autonomous Driving dlvr.it/STJrW0 https://t.co/mOYoBsgs14

4th July 2022
IoTWorldToday, IoTWorldSeries

Firefly-Inspired Robots Enable Motion Tracking, Communication dlvr.it/STJn0H https://t.co/ksRSzYcR4z

4th July 2022
IoTWorldToday, IoTWorldSeries

Partnership to Globally Expand Robotics Solutions dlvr.it/STJlyx https://t.co/YWAtpUfcNd

4th July 2022
IoTWorldToday, IoTWorldSeries

Researchers Use Robotic Prey to Track Predator Behavior dlvr.it/STJjyB https://t.co/6rJICwgK2i

4th July 2022
IoTWorldToday, IoTWorldSeries

AI Summit 2022: John Lewis’ Barry Panayi on AI in Retail dlvr.it/STJYcq https://t.co/NcNinAiPUE

4th July 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X