ISE Blog

Fishing for IoT Vulnerabilities

This month gives me the opportunity to share several examples of recent IoT hacks and to demonstrate how adding smart devices to a network can introduce risk. This survey of recent IoT security breaches serves as a reminder of the importance of security as IoT evolves. As we’ve talked about in recent posts, MQTT is one example of a standard that is evolving to help address some security concerns in the IoT space. However, as we’ll see in at least one example, if users of IoT devices are not willing to care about security themselves, no amount of fancy protocols will solve all your problems. Without further delay, let’s read through some of the more interesting recent IoT hacks.

IoT Hack on Fish Tank

Recently a casino was hacked through a smart fish tank connected to their network.  This would seem like something one reads in the “News of the Weird” except this could happen on any connected device. The casino anticipated this being a risk and introduced additional security on the fish tank in an attempt to prevent hacking.  Even with the extra security, hackers were still able to identify vulnerabilities and break into the fish tank and jump onto the casino’s network. Once there, they searched for and identified additional vulnerabilities on the network.  While the casino was able to shut the hack down before serious damage was done, this has to be one of the most unique hacks I’ve read about in the IoT space.

Another notorious IoT attack that happened in 2016 was in Finland. Hackers used a distributed denial of service (DDoS) attack on the network of two different apartment buildings. If that’s not cold enough for you, the hackers then proceeded to turn off the heating systems in both buildings during the winter months! Thankfully, the issue could be quickly addressed before anyone had medical issues related to the cold. 

Lastly, the BrickerBot attack of 2016 was popular as it revealed the extent to which hackers can exploit something that is always in oversupply – laziness. The BrickerBot hack is famous because it renders your latest smart device useless by putting it in a state of permanent denial-of-service. This was managed by checking to see if an IoT device was still set up with its factory default password. If a remote device was, it was susceptible to being hacked and turned into junk just that quickly.

These three examples are interesting to read about as they cover a range of approaches hackers can take. In one case, the casino fish tank, preventative measures were taken but failed. In another case, BrickerBot, all hackers had to do was assume users were lazy enough to not modify default settings. Regardless of the case, these scenarios demonstrate some of the concerns around IoT that the market will continue to struggle with.

Know of any other interesting IoT hacks? Comment below! Have an IoT project you are thinking about creating? Give us a call and we’ll make it a success. 

Hudson Ludvigson, Senior Software Engineer

Hudson Ludvigson is a Senior Software Engineer and the Practice Lead in Vehicle Telematics at Innovative Software Engineering. He has been with ISE since March 2006. He enjoys the diversity of the software engineering field and how it impacts and improves people's everyday lives, particularly in the domains of agriculture, business, finance, and medicine. In his downtime he can be found enjoying college football and outdoor recreational sports, or spending time with his family.