The IoT begins to play an increasingly important role in the IT market and the life of society, and soon it will become an integral part of our everyday life. This is confirmed by some expert assessments. So, according to IDC, the cost of the world market IoT in 2020 will exceed $7.1 trillion. It is expected that by this time more than 50 billion devices will be connected to the network. All this opens great prospects not only for business and end users.
In connection with the development of IoT technologies, specialists in the field of information security are beginning to be alarmed. In their opinion, a huge number of poorly protected Internet devices gives new opportunities for cyber criminals, some of whom have already managed to crack some IoT systems. We picked up the most striking cases of Internet device hacking.
One of the most frightening cyber attacks in the history of the Internet of things, called Stuxnet, occurred in 2010 in Iran. The programmable controllers on the uranium enrichment plant in the city of Natanz were subjected to hacking. The attackers then managed to stop the work of more than a thousand centrifuges and at least delay the development of the Iranian nuclear program for at least a year. Also, this case revealed a critical vulnerability on an industrial facility of strategic importance, which to this day raises serious concerns around the world.
Another notorious cyber attack happened in October 2016, when some popular resources, services, and social networks were inaccessible: Amazon, Pinterest, Twitter, Soundcloud, Spotify, Reddit, GitHub, Starbucks, CNN, and the New York Times, Owners of sites working on Dyn servers suffered from the attacks. It is known that the attackers used the program Mirai, able to find unprotected devices on the network, such as routers, security cameras, digital video recorders, etc. According to Dyn, more than 100,000 connected devices were connected to the botnet, many of which were vulnerable, since they worked without password protection. The functionality of the attacked sites was restored after 14 hours.
Among the most vulnerable to botnets are medical institutions and pharmaceutical companies. Jay Radcliffe, an engineer, and researcher who has diabetes discovered a vulnerability in the work of insulin pumps from Johnson & Johnson. According to Radcliffe, attackers use Wi-Fi from a distance of about seven meters to gain control over the device and cause an overdose of insulin in the patient’s blood, which can lead to irreversible health consequences.
Another vulnerability was detected in the Merlin@home system, which monitors pacemakers. It turned out that anyone can send almost any command to it, even ones that forced stoppage of the device owner’s heart. Also, experts note that hacker attacks in medicine often target personal data of hospital patients for sale on the black market.
Smart home appliances also create possibilities for cybercriminals. For example, Schneider & Wulf have discovered that hacker attacks against the Miele PG 8528 lab washer and disinfector are possible due to a vulnerability. Their discovery was that access to confidential data through a seemingly innocuous household appliance can be obtained by using an embedded web server.
The first botnet, working through home appliances, was started at the end of 2013. According to Proofpoint researchers, hundreds of thousands of malicious emails were sent to end users and companies around the world from refrigerators, multimedia centers, routers, and TV sets.
Various systems of smart cities are subject to hacking. In November 2016, criminals managed to turn off heating in some homes in Lappeenranta, Finland, forcing the operators to repeatedly restart the network. The attack had a significant effect on the lives of citizens, as the outside temperature had already fallen below freezing by that time.
A hacker attack was launched against the public transport network of San Francisco. Cybercriminals managed to shut down the automated ticketing system, so passengers rode on buses and light rail for free.
The ticketing machines at the stations displayed the message “Does not work,” There were reports of a hack with a demand for ransom. A total of 2000 malicious programs affected the agency’s servers.
One of the most frightening scenarios for using IoT for illegal purposes was attacking a baby monitor in the United States. The attacker took control of the device and for several days watched the three-year-old child and talked to him at night. His parents could not understand the reasons for the boy’s anxiety until they witnessed what was happening by visiting the child’s room one night.
A similar story occurred in 2013 when an unknown person used the baby monitor to observe an eight-month-old baby. Both cases had a deep resonance and focused the attention of the IT community on the security of modern CCTV and web cameras.
Even ultra-modern high-tech electric vehicles like the Tesla were vulnerable to IoT botnets. Researchers at Keen Security Lab remotely hacked the Tesla Model S model through a built-in browser. On Wi-Fi, they took control of the vehicle in driving and parking modes. At the same time, hackers noted that using the same technique they could have hacked any of the manufacturer’s vehicles.
Despite the fact that the Internet of things requires, even more, attention to protecting data, the amount of traffic coming from these connected devices is skyrocketing. It is expected that by 2020 the number of M2M-connections in the world will grow to 12.2 billion. Almost half of them will be intelligent home systems, which, despite several cases of break-ins, already help users in with many everyday tasks—from remote control of household appliances to controlling heating and lighting systems.
While the best industry professionals and government structures are working on cybersecurity protocols for the Internet of things, there are more and more new scenarios for using IoT technologies, and with them are new opportunities for every company and every person.
We at JeraSoft advise our clients and other IoT and telecom companies to make sure they have secured their systems properly not to find themselves in the list below one day. In case you have some concerns regarding your internal forces, ask your service providers or external advisers to share with you their security practices.
Get Service, Support, and Professional Advice
For general and sales inquiries regarding JeraSoft IoT billing or telecom billing solutions, please contact our Sales Department at [email protected] or use the form and a team member will get back to you as soon as possible.