Internet of Things (IoT) has become a primary target for cybercriminals. The repeated security incidents on IoT devices represent a rising trend for IoT attacks.
By Rudra Srinivas, Feature Writer, CISO MAG
The proliferation of connected devices in consumer, enterprise, and healthcare organizations, and their internal vulnerabilities, have created a security blind spot where cybercriminals can launch a Zero-day attack to compromise devices like webcams, smart TV, routers, printers, and even a smart home.
Here’s a list of 10 severe threats created by connected devices:
1. Smart Security Cameras
It seems cybersecurity issues with smart security cameras alarmed customers after Xiaomi Mijia’s vulnerabilities were exposed. The incident came to light after Dio-V, who owns a Google Nest Hub and several other Xiaomi Mijia cameras around his home, claimed that he received images from other people’s homes, randomly, when he streamed content from his camera to a Google Nest Hub.
“When I load the Xiaomi camera in my Google Home hub, I get stills from other people’s homes,” Dio-V said.
This isn’t the first incident where smart security cameras posed an issue.
Ring, a home security products provider owned by Amazon, was hit by a class-action lawsuit in the U.S. for reports of multiple hacking incidents on its security cameras that left victims traumatized.
Security researchers from cybersecurity firm Bitdefender discovered and reported a flaw in Amazon’s Ring Video Doorbell Pro, which could have given hackers unauthorized access to the user’s Wi-Fi network and potentially to other connected devices on it. At present, all the Ring Doorbell cameras have received a security patch from Amazon to mitigate the issue.
Also, researchers from vulnerability detection firm Tenable discovered seven critical vulnerabilities in Amazon-owned Blink XT2 security camera systems. If exploited, the vulnerabilities could allow hackers to remotely view the camera footage, listen to audio output, and use the infected device to launch distributed denial of service (DDoS) attacks.
In response, Amazon rolled out patches for the vulnerabilities and urged its users to update their devices to firmware version 2.13.11 or later.
2. Hackers can “Faxploit” Connected Fax Machines
Yaniv Balmas and Eyal Itkin, security researchers from Check Point, discovered that fax machines have security vulnerabilities that could possibly allow a hacker to steal data through a company’s network using just a phone line and a fax number. The researchers also demonstrated how they were able to exploit security flaws in a Hewlett Packard all-in-one printer at DEFCON 26 conference.
Describing the potential threat, the researchers said the attackers can send specially created malware coded image files via fax to the targeted networks. The vulnerabilities in the fax machine enable the malware to decode the files and upload these to its memory, which can breach sensitive information or cause disruption across connected networks.
3. Smart TVs
According to the FBI, smart TVs have several overlooked and neglected security issues. It stated that security is an afterthought for several smart TV manufacturers, which makes them vulnerable to different kinds of threats. Hackers can not only control your unsecured TV for changing channels or volume controls, but also stalk your everyday movements and conversations using the integrated camera and microphone.
4. Smart Bulbs can be Hacked
Multiple reports disclosed security vulnerabilities in smart bulbs. According to Murtuza Jadliwala, a research expert at the University of Texas at San Antonio (UTSA), hackers can compromise infrared-enabled smart bulbs by sending commands via an infrared invisible light emitted from the bulbs to exploit other connected IoT devices existing on the home network.
5. Smart Home is Vulnerable
A Milwaukee-based couple suffered a horrifying incident after their Smart Home setup was hacked by unknown intruders, Fox 6 News reported.
The couple Samantha and Lamont Westmoreland stated that hackers took over their smart home by compromising the connected devices. The attacker played disturbing music from the video system at high-volume while talking to them via a camera in the kitchen, and also changed the room temperature to 90 degrees Fahrenheit by exploiting the thermostat.
Initially, the couple thought it was a technical glitch and changed their passwords, but the issue continued. The duo later changed their network ID, after realizing that someone hacked their Wi-Fi or Nest system.
6. Smartphone’s Microphone Can be Used to Launch Acoustic Side-Channel Attack
Academic researchers from England and Sweden designed a malware that can exploit a smartphone’s microphone to steal the device’s passwords and codes. In their report, “Hearing Your Touch: A New Acoustic Side-Channel on Smartphones,” the researchers claimed that they’ve found the first acoustic side-channel attack that presents what users type on their touch-screen devices.
7. Hackers can Steal Your Identity and Bank Details from a Coffee Machine
Smart coffee machines that are connected to the internet using special apps could be targeted by hackers to steal their owner’s bank or card details.
Vince Steckler, chief executive of security giant Avast, said, smart coffee machines allow owners to control them remotely using their phones. Users can even give the machines vocal commands if they are connected to virtual assistant software such as Amazon’s Alexa.
“Coffee machines are not designed for security. They are additional vectors to get into your network. And you can’t protect them,” Steckler said in a media statement.
8. Connected Printers
According to security research firm Quocirca, printers that are connected to an organization’s network are the potential vector for cyberattacks. In its report, “Global Print Security Landscape, 2019,” Quocirca addressed the potential security vulnerabilities posed by connected printers.
The report highlighted that 60 percent of businesses in the U.K., U.S., France, and Germany suffered a print-related data breach in 2019, which resulted in a data loss that cost companies an average of more than US$ 400,000.
9. Smart Speakers Can be Hacked
Wu HuiYu and Qian Wenxiang, security researchers from Tencent Blade, exposed vulnerabilities around smart speakers in a live demonstration at the DEFCON security conference on how to hack a smart speaker. The team used Amazon Echo smart speakers to present their attack program.
The researchers hacked the speaker by adding a malicious device embedded with an attack program. They also notified their findings to Amazon before the presentation, and Amazon pushed a security patch to fix the issues.
10. Even Internet-Connected Gas Stations are Vulnerable
Researchers at Trend Micro discovered that hackers are targeting internet-connected gas stations to launch IoT-based cyberattacks.
In its report, “The Internet of Things in the Cybercrime Underground,” Trend Micro described how Russian hackers have benefited from the Russian government’s new directive, which mandates to replace all electricity meters in the country with smart meters. Trend Micro stated that hackers in Russian dark web forums requested information on how to exploit smart meters. Some hackers are even selling altered smart meters in the underground market forums. Researchers also revealed that they’ve seen tutorials on gas pump hacking, including step-by-step procedures on how to hack connected meters.
Rudra Srinivas is part of the editorial team at CISO MAG and writes on cybersecurity trends and news features.