Security in the era of the Internet of Things: stories of hacking video-babies, pacemakers and supercars
The Internet of Things is beginning to play an increasing role in the IT market and in society, and soon it will become an integral part of our everyday life. This is confirmed by a number of expert assessments. Thus, according to IDC research agency, the cost of the global IoT market already in 2020 will exceed $ 7.1 trillion. It is expected that by this time more than 50 billion devices will be connected to the network. All this opens up tremendous prospects not only for business and end users. In connection with the development of IoT technologies, information security experts are beginning to sound the alarm. According to them, a huge number of poorly protected Internet devices gives new opportunities to cybercriminals, some of which have already managed to crack a number of IoT systems. We picked up the most striking cases of hacking devices of the Internet of things.
One of the most frightening cyber attacks in the history of the Internet of Things, dubbed Stuxnet, occurred in 2010 in Iran. Programmable controllers at a uranium enrichment plant in the city of Natenz were cracked. The attackers then managed to stop the work of more than a thousand centrifuges and for at least a year to hold back the development of the Iranian nuclear program. In addition, this case revealed a critical vulnerability at an industrial site of strategic importance, which to this day raises serious concerns throughout the world.
Another sensational cyber attack happened in October 2016, when a number of popular resources, services and social networks turned out to be inaccessible: Amazon, Pinterest, Twitter, Soundcloud, Spotify, Reddit, GitHub, Starbucks, CNN, The New York Time, etc. Iz- for the attacks suffered the owners of sites running on the servers of the company Dyn. It is known that attackers used the Mirai program, capable of finding unprotected devices of the Internet of things, such as routers, tracking cameras, digital video recorders, etc. on the network. The botnet, according to Dyn, combined more than 100,000 connected devices, many of which were vulnerable because they worked without password protection. The work of the attacked sites was restored after 14 hours.
')
Among the enterprises most vulnerable to botnets are medical institutions and pharmaceutical companies. So, diabetes engineer and researcher Jay Radcliffe discovered a vulnerability in Johnson & Johnson insulin pumps. According to Radcliffe, through this vulnerability attackers can get control of the device via Wi-Fi from a distance of about seven meters and provoke an overdose of insulin in the patient’s blood. This, in turn, can lead to irreparable health effects. Vulnerability was also detected in the Merlin @ Home system, which provides the operation of pacemakers. It turned out that almost any team can be sent to it, even to forcefully stop the heart of the device owner. In addition, experts note that hacker attacks in medicine are made to capture the personal data of hospital patients with a view to their further sale on the black market.
Smart home appliances also open room for cybercriminals. So, Schneider & Wulf specialists discovered that professional Miele washing machines were vulnerable to hacker attacks. It is noted that an attacker can gain access to confidential data through a seemingly innocuous household appliance using a web server built into the machines. The first botnet, working through home appliances, was applied at the turn of 2013 and 2014. Then, according to Proofpoint researchers, hundreds of thousands of malicious emails were sent to end users and companies around the world from refrigerators, multimedia centers, routers and TVs.
Hacking are subject and various systems of the smart city. So, in November 2016, the criminals managed to turn off the heating in the houses of the city of Lappeenranta in Finland, forcing the controllers to constantly restart the network. The attack had a significant effect on the life of citizens, since the air temperature had already fallen below zero by that time.
The San Francisco public transport network was also subjected to a hacker attack. Cybercriminals managed to hack the automated system for selling tickets, as a result of which passengers were able to ride buses and trolleybuses of the city for a day during the day. At the same time, the machines at the stations broadcast the inscription “Does not work”, and on the PC of the company's employees there were reports of burglary demanding redemption. In total, about 2000 carrier servers were infected with malware.
One of the most well-known scenarios of using the concept of IoT for illegal purposes was hacking of a video nurse in one of the American cities. The attacker seized remote control of the device and watched a three-year-old child for several days, talking to him at night. Parents could not understand the reasons for the boy’s alarm until they became witnesses of what was happening, accidentally looking into the children's room at night. A similar story occurred on the territory of the United States in 2013, when an unknown person through a video nurse set up tracking the bed of an eight-month baby. Both cases had a wide response and focused the attention of the IT community on the issue of security of modern CCTV and webcams.
Another case of hacking IoT-system associated with children, does resemble a horror movie script. Speech on the test attack on soft toys CloudPets. Toys of this brand allow you to record a message for your child from a mobile phone, transfer it via Bluetooth to the built-in speaker and play it when you click on it. Having penetrated into the CloudPets database, hackers gained access not only to the toys themselves and the audio recording function, but also to 800 thousand accounts and personal data of users.
Even ultramodern high-tech electric vehicles Tesla were vulnerable to IoT botnets. Researchers at Keen Security Lab remotely hacked the Tesla Model S model through an integrated browser. On Wi-Fi, they took control of the vehicle in driving and parking modes. At the same time, hackers noted that in this way they could hack any of the manufacturer’s cars.
Despite the fact that the Internet of Things requires more attention from the IT market participants to data protection, the volume of traffic coming from connected devices is growing rapidly. It is expected that by 2020 the number of M2M-connections in the world will increase to 12.2 billion. Moreover, almost half of them will be devices of smart home systems, which, despite isolated instances of hacking, already today help users in solving many everyday tasks - from remote control of appliances to control the heating and lighting systems. While the best industry experts and government structures are working on the cybersecurity protocols of the Internet of things, there are more and more new scenarios for using IoT technologies, and with them - new opportunities for each company and each person.
One of the most frightening cyber attacks in the history of the Internet of Things, dubbed Stuxnet, occurred in 2010 in Iran. Programmable controllers at a uranium enrichment plant in the city of Natenz were cracked. The attackers then managed to stop the work of more than a thousand centrifuges and for at least a year to hold back the development of the Iranian nuclear program. In addition, this case revealed a critical vulnerability at an industrial site of strategic importance, which to this day raises serious concerns throughout the world.
Another sensational cyber attack happened in October 2016, when a number of popular resources, services and social networks turned out to be inaccessible: Amazon, Pinterest, Twitter, Soundcloud, Spotify, Reddit, GitHub, Starbucks, CNN, The New York Time, etc. Iz- for the attacks suffered the owners of sites running on the servers of the company Dyn. It is known that attackers used the Mirai program, capable of finding unprotected devices of the Internet of things, such as routers, tracking cameras, digital video recorders, etc. on the network. The botnet, according to Dyn, combined more than 100,000 connected devices, many of which were vulnerable because they worked without password protection. The work of the attacked sites was restored after 14 hours.
')
Among the enterprises most vulnerable to botnets are medical institutions and pharmaceutical companies. So, diabetes engineer and researcher Jay Radcliffe discovered a vulnerability in Johnson & Johnson insulin pumps. According to Radcliffe, through this vulnerability attackers can get control of the device via Wi-Fi from a distance of about seven meters and provoke an overdose of insulin in the patient’s blood. This, in turn, can lead to irreparable health effects. Vulnerability was also detected in the Merlin @ Home system, which provides the operation of pacemakers. It turned out that almost any team can be sent to it, even to forcefully stop the heart of the device owner. In addition, experts note that hacker attacks in medicine are made to capture the personal data of hospital patients with a view to their further sale on the black market.
Smart home appliances also open room for cybercriminals. So, Schneider & Wulf specialists discovered that professional Miele washing machines were vulnerable to hacker attacks. It is noted that an attacker can gain access to confidential data through a seemingly innocuous household appliance using a web server built into the machines. The first botnet, working through home appliances, was applied at the turn of 2013 and 2014. Then, according to Proofpoint researchers, hundreds of thousands of malicious emails were sent to end users and companies around the world from refrigerators, multimedia centers, routers and TVs.
Hacking are subject and various systems of the smart city. So, in November 2016, the criminals managed to turn off the heating in the houses of the city of Lappeenranta in Finland, forcing the controllers to constantly restart the network. The attack had a significant effect on the life of citizens, since the air temperature had already fallen below zero by that time.
The San Francisco public transport network was also subjected to a hacker attack. Cybercriminals managed to hack the automated system for selling tickets, as a result of which passengers were able to ride buses and trolleybuses of the city for a day during the day. At the same time, the machines at the stations broadcast the inscription “Does not work”, and on the PC of the company's employees there were reports of burglary demanding redemption. In total, about 2000 carrier servers were infected with malware.
One of the most well-known scenarios of using the concept of IoT for illegal purposes was hacking of a video nurse in one of the American cities. The attacker seized remote control of the device and watched a three-year-old child for several days, talking to him at night. Parents could not understand the reasons for the boy’s alarm until they became witnesses of what was happening, accidentally looking into the children's room at night. A similar story occurred on the territory of the United States in 2013, when an unknown person through a video nurse set up tracking the bed of an eight-month baby. Both cases had a wide response and focused the attention of the IT community on the issue of security of modern CCTV and webcams.
Another case of hacking IoT-system associated with children, does resemble a horror movie script. Speech on the test attack on soft toys CloudPets. Toys of this brand allow you to record a message for your child from a mobile phone, transfer it via Bluetooth to the built-in speaker and play it when you click on it. Having penetrated into the CloudPets database, hackers gained access not only to the toys themselves and the audio recording function, but also to 800 thousand accounts and personal data of users.
Even ultramodern high-tech electric vehicles Tesla were vulnerable to IoT botnets. Researchers at Keen Security Lab remotely hacked the Tesla Model S model through an integrated browser. On Wi-Fi, they took control of the vehicle in driving and parking modes. At the same time, hackers noted that in this way they could hack any of the manufacturer’s cars.
Despite the fact that the Internet of Things requires more attention from the IT market participants to data protection, the volume of traffic coming from connected devices is growing rapidly. It is expected that by 2020 the number of M2M-connections in the world will increase to 12.2 billion. Moreover, almost half of them will be devices of smart home systems, which, despite isolated instances of hacking, already today help users in solving many everyday tasks - from remote control of appliances to control the heating and lighting systems. While the best industry experts and government structures are working on the cybersecurity protocols of the Internet of things, there are more and more new scenarios for using IoT technologies, and with them - new opportunities for each company and each person.
Source: https://habr.com/ru/post/333850/
All Articles