Worst and weirdest IoT hacks of all times
Panama-based virtual private network provider NordVPN has collected a list of the craziest IoT device hacks and breaches.
With an increase of global reliance on the internet, IoT devices are also wading into every facet of our daily lives. According to Gartner, there will be more than 20 billion IoT devices by 2020 and as many as 75 billion connected IoT devices by 2025. Unfortunately, the safety and integrity of these devices are still widely ignored, and there are more and more cases of them of being hacked and used as part of a botnet.
“Things that were once the plot for a science fiction movie, such as household appliances being hacked and turned against humanity, now became a reality,” said Daniel Markuson, digital privacy expert at NordVPN. “IoT hacking can be extremely effective, producing DDoS attacks that can cripple our infrastructure, systems, and way of life. If you have multiple devices connected to the same network in your home or office, and a hacker gets access to one device, they could break into all of them.”
According to Markuson, even though it’s hard to believe that a baby monitor or a seemingly simple toy can do significant harm, it’s no longer only computers or smartphones that are at risk of cyber attacks. The company has compiled a list of crazy examples of IoT hacking and vulnerabilities recorded in history:
Thermometer in a lobby aquarium
It always seems that casinos are some of the most secure organisations in the world, but they can be hacked as well. A few years ago, a group of hackers used a rather unconventional method to break into a casino. They managed to access its network via an internet-connected thermometer in an aquarium and extract its high-roller database with all sensitive details.
Hacked baby monitor
Baby monitors started as simple one-way radio transmitters and evolved into sophisticated wifi-enabled smart devices with cameras, infra-red vision and other features. However, as everything IoT, those devices can be hacked as well. Late last year, a family from the USA experienced a real nightmare. A hacker got into the wireless camera system used to keep an eye on the baby and threatened to kidnap him. This case is not an exception. There are several reported incidents of strangers' voices being heard over baby monitors.
Hackable sex toys
Last year, researchers from tech firm SEC Consult announced that the private sex life of at least 50,000 users had been exposed by a sex toy called Vibratissimo Panty Buster. Multiple vulnerabilities put at risk not only the privacy and data but also the physical safety of the owners. All customers’ data were accessible via the internet in such a way that explicit images, chat logs, sexual orientation, email addresses and passwords were visible in clear text. But it’s not the worst part. The Panty Buster toys could be hacked to inflict sexual pleasure remotely on victims without their consent.
Spy in the home
Earlier this year, CNN managed to access a variety of camera feeds using a search engine for IoT devices Shodan. One of the feeds showed a family in Australia and its daily routine, while other cameras captured a man in Moscow preparing his bed and a woman in Japan feeding her cat. All of them seemed unaware of the fact they could be watched through a camera in their own room. According to CNN, none of the cameras had had security checks and were open to anyone who knew the right address.
Insecure home thermostats
In 2016, hackers left the residents of two apartment buildings in Lappeenranta, Finland, in freezing cold for nearly a week by launching a DDoS attack on their environmental control systems via thermostats. Because both the central heating and hot water systems were attacked, the environmental systems were rebooted in their attempt to fight off the attack and got stuck in an endless loop.
Hackable medical devices
In 2017, the US Food & Drug Administration (FDA) confirmed that St Jude Medical’s implantable cardiac devices could be easily hacked. Such devices are usually used to monitor patients’ heart functions and control heart attacks. However, due to transmitter vulnerabilities, hackers could control shocks, administer incorrect pacing and deplete the battery. And it’s not the only time when the FDA issued similar warnings. Earlier this year a new alert was issued on the security of Medtronic insulin pumps, which hackers could remotely access and control.
Spying doll Cayla
In 2017, Germany banned an interactive doll My Friend Cayla because it contains a concealed surveillance device. According to the researchers, hackers can use an insecure Bluetooth device installed in the toy to listen and talk while a child is playing with it. This interactive doll opens ways for hackers to use its cameras and microphones to see and hear whatever Cayla does. The Cayla companion app also encourages children to share their parents’ names, what schools they go to and where they live.
Backseat driver in a jeep
Back in 2015, a team of researchers was able to take total control of a Jeep SUV. By exploiting a firmware update vulnerability, they hijacked the vehicle and made it speed up, slow down and veer off the road. Luckily, this time, it was a team of researchers and not a real hacker. Four years later, as people dream about autonomous cars, many of the previous vulnerabilities still haven’t been addressed.
How to stay safe
Internet-connected devices make lives easier. However, most of them lack the security features that are standard in computers, tablets and even smartphones. That’s why, according to Markuson, before acquiring a new IoT device and bringing it home, people should always consider whether it really benefits them.
“Of course, it doesn't mean that, if something can be hacked, it will be,” he said. “Many of these cases are still theoretical, but staying cautious can do no harm. If you have a smart device at home or work, read more about it and use network security technologies. Strong passwords and authentication methods reduce the risks as well.”