Connecting everything around us from our cars to our homes to even our body is very exciting, and it definitely does automate our daily life. Let’s not deny that with our love for the Internet of Things (IoT), we will be more than delighted when our air conditioner reads our mind, lights bulb glows on entering the room, using an automated car, connecting our body to a Smartphone and many such spoon-fed activities that ease our life. But we should be careful of various IoT hacks.
However, on the other side of the spectrum (which people hardly think about) is the safety and security of your data. All of your data is interconnected, which in fact reduces the efforts needed by the hackers to hack the entire system.
One major reason is that a large number of Internet-connected devices lack even the most basic cyber security protocols, making them hackable in minutes. Most secure and trusted machines do give hackers a tough time, but one tiny loophole is sufficient enough for them to conquer your data. In fact, Intel’s prediction for threats in 2017 includes that IoT malware will open backdoors into the connected home that could go undetected for years!
To add on to the fear, there are a lot of such efficient IoT hacks reported in the recent past. Let’s take a look at top five IoT Hacks and how were they done.
Top 5 IOT Hacks are as follows:
You are on the driving seat, but it is not you who is driving
Charlie Miller and Chris Valasek, automotive cyber security researchers proved earlier that hacking Jeeps is something that is child’s play for them especially because all the carmakers are doing their best to turn an automobile into a smartphone. Uconnect, an Internet-connected computer feature in hundreds of thousands of Fiat Chrysler cars, support utility vehicles (SUVs), and trucks, controls the vehicle’s entertainment and navigation, enables phone calls, and even offers a Wi-Fi hot spot. Uconnect’s cellular connection lets anyone who knows the car’s IP address gain access from anywhere in the country.
In 2015, they attacked the jeep over the Internet that is from around 15 kilometres away from the target. They toyed with the air-conditioning, radio, and windshield wipers, disabled brakes at low speeds and managed to paralyse the vehicle. This made Chrysler announce for a recall of 1.4 million vehicles and fix the vulnerabilities. But now, these researchers have come out with better hacking tricks.
By sending carefully crafted messages on the vehicle’s internal network known as a controller area network (CAN) bus, they are now able to pull off even more dangerous, unprecedented tricks like causing unintended acceleration and slamming on the car’s brakes or turning the vehicle’s steering wheel at any speed. Unlike last year, instead of cutting the transmission on the highway, now they can turn the wheel 180 degrees!
One major problem is that this hack can be performed only with a laptop that is directly plugged in, into the jeep’s CAN network via a port under its dashboard. But they do promise this would get wireless sooner. Instead of merely compromising one of the so-called electronic control units (ECUs) on a target car’s CAN network and using it to spoof messages to the car’s steering or brakes, they also attacked the ECU that sends legitimate commands to those components, which would otherwise contradict their malicious commands and prevent their attack.
By putting that second ECU into “bootrom” mode—the first step in updating the ECU’s firmware that a mechanic might use to fix a bug—they were able to paralyse that innocent ECU and send malicious commands to the target component without interference. More about this can be found on hacking a jeep.
Adventures of Barnaby Jack
Barnaby Jack, a hacker programmer and computer security expert has managed to hack multiple devices including automatic teller machines (ATMs), pacemakers, hear implants and insulin pumps At a Black Hat conference in 2010, Jack gave a presentation on “jackpotting”, or exploiting automated teller machines to make them dispense cash without withdrawing it from a bank using a bank card. Jack gave demonstrations of different kinds of attacks involving both physical access to the machines and completely automated remote attacks. In both cases, malware was injected into the operating system of the machines, causing them to dispense currency fraudulently on the attacker’s command.
During the remote attack, malware is installed on the target system via exploited vulnerabilities in the remote management system, most notably the use of default passwords and remote management transmission control protocol (TCP) ports. The attacker then executes the malware, causing the target ATM to dispense a given amount of currency. He also developed software that allowed him to remotely send an electric shock to anyone wearing a pacemaker within a 50-foot radius.
Jack also came up with a system that scans for any insulin pumps that communicate wirelessly within 300 feet, allows you to hack into them without needing to know the identification numbers and then sets them to dish out more or less insulin than necessary, sending patients into hypoglycaemic shock or ketoacidosis. With more such hacker’s who find out the vulnerabilities in various medical devices, hacking the human body is also easy. More about this can be found on hacks by Barnaby Jack.
World’s first digital weapon
Stuxnet, a highly sophisticated computer worm was discovered in 2010 and was essentially the world’s first digital weapon. It was developed by the American and Israeli governments and used to wreak havoc on an Iranian nuclear facility called Natanz. It targets industrial control systems that are used to monitor and control large-scale industrial facilities like power plants, dams, waste processing systems and similar operations. It allows the attackers to take control of these systems without the operators knowing.
This was the first attack that allows hackers to manipulate real-world equipment, thereby making it very dangerous. It was the first computer virus to be able to wreak havoc in the physical world. It was sophisticated, well-funded, and there were not many groups that could pull this kind of threat off. It was also the first cyber attack that specifically targets industrial control systems. It targets the computer system of machines used to enrich uranium, known as centrifuges, and instructs them to spin the machines out of control. Eventually, the forces break the centrifuges.
At the same time, Stuxnet would report to the control room that nothing was amiss. Over a few years, about 20 percent of Iran’s centrifuges spun out of control and were destroyed. Iran’s nuclear scientists had no idea why so many centrifuges were busted. It indeed turned out to be a brilliantly sophisticated attack. More about this can be found on an unprecedented look at Stuxnet.