From Connected Cars, Healthcare to Uranium Enrichment Facilities, 5 IoT Security Hacking Instances to Take Note of!
As predicted by Forbes report, by 2025 there will be more than 80 billion active smart devices connected to the internet worldwide.
Well that’s the bright side of the IoT growth story. And like all technology advancements witnessed so far, IoT story too has many shades of grey!
When such humongous volumes of devices become online, it is a paradise for Hackers. World has already witnessed the consequences of Internet of Things (IoT) hacking and there is a realization for being prepared better for the future.
Such hacking attempts and IoT security issues across global IoT facilities, have resulted into privacy violation, security breaches, loss of business, crippling of infrastructure and in some cases even health and medical emergencies
( Image Source: McCune Wright website )
Following are some successful IoT security breaches (some are actual incidents, while rest are IoT hacking demonstrations) that were able to threaten the integrity of the entire IoT system:
- STUXNET:In 2014, a malicious computer worm called Stuxnet was responsible for causing substantial damage to Iran’s nuclear project. This was a clear case of internet of things security issue.
The attack was purposed to sabotage the Uranium enrichment facilities in Iran. STUXNET was developed specifically to target PLCs responsible for extracting nuclear material.
STUXNET was designed to gain control of the PLCs connected to a computer running on windows OS. It was installed inside the computers through an infected USB device and had ability to control over thousands of factory assembly lines and centrifuges.
To prevent such IoT security breaches, Siemens released a detection and removal tool for Stuxnet.
Siemens also suggested to install Microsoft updates , prohibit the use of third-party USB flash drives and update password access code to avoid such IoT security breaches.
- MIRAI BOTNET:A Japanese malware called Mirai was developed to attack Linux based devices connected to a network and turn them into remotely controlled bots.
In 2016 this BOTNET was launched to attack numerous IoT devices, primarily home routers and IP cameras.
According to a White hat malware research group, it was the largest attack leading to a widespread Distributed Denial of Service (DDoS) attack.
This attack was purposely made to make certain online business unavailable by overwhelming it with traffic from multiple sources.
The Marai program identified vulnerable IoT devices through a table of 60 default username and password, logged in to infect the devices with the Mirai malware. The malware persisted in the system unless the system is rebooted and the password is changed after the boot.
This IoT security breach was a reminder that the best practice of updating system password and the operating system should always be followed as a thumb rule.
- Connected Cardiac devices with sweet spot for IoT hacking:Earlier in 2017, the FDA recognized and confirmed that the St. Jude Medical implantable cardiac devices (pacemakers and defibrillators) are hackable.
The FDA implied that the hackers can break into the device, can deplete the battery of the device or can cause incorrect pacing and even shock.
The FDA said that the device transmitter which is responsible for reading and sharing of the device data with the physician is a vulnerable spot for an attack.
Though St. Jude professionals have developed and implemented a patch fix for the existing bug, This case depicted how the health and lives of people can be at risk due to shortcoming in Iot device security.
- IoT hacking demonstration on Connected Car:Earlier in July 2015, two researchers demonstrated to the WIRED magazine the existing loophole in the digita network of the connected vehicle of Chrysler.
The vehicle’s digital system could be remotely hacked over the internet by sending a software update that the car owner can install through the port on their vehicle dashboard.
After taking control, the hackers demonstrated how they were able to cut the brakes, shut down the engine and drive the car off the road.
To prevent the existing bug from turning into an IoT security issues, Chrysler immediately implemented a bug fixing software that was deployed across 1.4 million Chrysler vehicles.
- HACKABLE SNIPER RIFLES:At Black hat Hacker conference in 2015, a pair of security researchers demonstrated how a wirelessly connected sniper rifle of a company named TrackPoint, can be hacked.
The set of techniques, demonstrated by the hacker couple, depicted how the WiFi connected device allowed the attacker to exploit the vulnerabilities in the software remotely over the network.
This is done by logging in to the gun’s network that has a default password, thus allowing anyone within the range to connect to it.
Then the hacker can access the API and change the key variables in its target application. The hacker then can change the parameters involved in the calculation of the scope of the target and can make the rifle either change its target or permanently disable the rifle.
The founder of TargetPoint agreed to work along with the couple to develop a patch fix for the existing hackable flaw in the rifle’s software.
These IoT security issues clearly point out the need for optimal IoT security solutions. The success of any technology is possible only when the end-users find it trustworthy and relevant.
Now that the relevancy of IoT applications and their impact has been realized, IoT solution providers and businesses are consistently investing in developing foolproof IoT systems.
This is being achieved by developing a highly secure hardware and the Operating system for IoT applications, advanced IoT monitoring systems and regular up-gradation of the software and patch fixes.
In this game of ‘catch me if you can’, as a responsible IoT community we are required to be on our toes 24/7. This is because for IoT Hackers, success means breaching the IoT system once, but for us success lies in foiling all their attempts, 24/7!