Over the past 10 years, connecting physical things to the internet has become quite a trend. People have been adding more and more devices to the internet, such as toasters, televisions, dog food dispensers, baby monitors and even wheelchairs. These devices provide very useful functionality in the average home, since you can change various environmental factors within your home just by clicking a button on a web app.
Of course, as with any fairly new technologies, there are some valid concerns from various viewpoints, including the privacy, security, design, environmental and economical impact on the world. These internet connected devices are becoming increasingly more common. In 2015, an average household had at least 7 internet connected devices. This contrasts the IoT landscape of the early 80’s when almost no households had any kind of internet connected devices.
You’ve all heard the story of the baby monitor that got hacked. And a 7 month old baby found itself being shouted at by an unknown male. These kind of attacks can happen, because devices such as baby monitors are now connected to the internet.
Attackers can also infect ‘smart’ devices with malware, allowing them to see everything happening in the home of a victim. Devices such as Smart TVs and CCTV cameras are often hijacked and used to spy on the people around them. For devices without a camera or microphone, such as IoT toasters or wheelchairs, criminals infect them with trojan-backdoors, allowing the attackers to use them as part of a large botnet or as a proxy device to hide malicious actions in with legitimate events.
In the case of the Mirai botnet, the devices were infected with a set of malware that listened to a command and control server, waiting for commands. Once it found a command, It would execute it. The threat actor behind the Mirai botnet used these devices to launch a DDoS attack on various services and DNS providers.
Companies get it wrong too!
In November 2015, the technology company VTech was hacked. The company created various devices for kids and families. The hack exposed Dates of birth, Email addresses, Family members’ names, Genders, IP addresses, Names, Passwords, Physical addresses, Security questions and answers, Usernames and Website activity of not only the adults but also the kids. After the breach, VTech shutdown most of their IoT services and online services, as there were signs that the hacked data was being used to maliciously control or access the devices owned by families.
Although IoT Devices do have their advantages such as being able to remotely make coffee or throw food at your household dog, developers and engineers should be careful about how they implement the devices into homes, how the devices are communicating, what information they are storing and who they are sending information to. I predict that in the future, IoT devices will become an essential part of our everyday life, just like TV has become. Because of this, we need to make sure that the IoT devices are protected against attacks.