5 IoT Security Attacks That Reminded Us Of Mirai Botnet

Years ago when technology was just getting started to evolve, the devices that could access the Internet were only PCs and laptops. However, with time, new devices started to enter and today, almost every device is connected to the internet, leading to the development of the Internet of Things (IoT) ecosystem.

Over the last few years, securing these devices has become a major task for manufactures as well as for users and many vulnerabilities have been discovered that led to serious attacks and hacks on different IoT devices.

Curious Dose lists down 5 worst vulnerabilities and attacks on IoT devices

The Mirai Botnet Attack

In October 2016, a massive DDoS attack hit the internet and it took down a huge portion of the internet which includes platform like Twitter, Netflix, Reddit etc. Dyn, a company that controls much of the internet’s DNS infrastructure became the victim of this nasty attack. According to reports, there were 100,000 malicious endpoints involved in the attack and to the surprise, there were reports that the attack had tremendous strength of 1.2Tbps.

The attack was carried out by IoT botnets with the help of malware called Mirai, which was created by Paras Jha and Josiah White. Mirai is a Japanese word which means “the future” and Jha released the code of the malware on the internet and later it was used to launch the DDoS attack.

The interesting fact is that unlike other botnets, Mirai botnet largely consists of IoT devices. The Mirai malware first infects computers and make them scan big blocks of the internet for vulnerable IoT devices such as security cameras, digital cameras, DVR players etc. and logs in to them.

St. Jude Medical’s Hackable Pacemaker

In January 2017, a report confirmed that the pacemakers from St. Jude Medical are exposed to threats — the implantable cardiac devices have serious vulnerabilities in the transmitter, which is used to read the device’s data and remotely share it with physicians. Talking about the seriousness of the situation, the vulnerability could allow hackers to drain batteries or even manipulate the patient’s heartbeat that could risk lives.

However, soon after the discovery of the faults in the devices, software patches were released to fix the issue. The devices were made by health tech firm Abbott and marketed under the St Jude Medical brand.

Even though there were no reports about unauthorised access to any patients’ implanted device, it shows how serious it was. This event of vulnerable pacemakers goes well with the statement “if technology can save a life, it can take life too.

Owlet’s Baby Heart Monitor Vulnerabilities

Medical devices have become a common target for hackers and with major vulnerabilities in such devices, things are getting easier for attackers. After St. Jude Medical’s vulnerable pacemaker, another device is the Owlet WiFi baby heart monitor, an IoT device that babies wear in a sock. The device is used to send heartbeat data wirelessly to a nearby hub and also, parents can set alert to their smartphone when anything extraordinary is noticed.

In 2016, it was discovered that the network which links the WiFi hub to the device is not encrypted (it doesn’t require any authentication to access), which makes it vulnerable to exploits. With such a vulnerability, it is easy for an attacker to hack the device within the range.
Talking about the consequences, once getting access to the device, a hacker can prevent alerts from being sent out to parents or the nearby hub.

An attack that Left Finland Cold

Unlike other IoT based attacks, this attack is quite peculiar. In November 2016, notorious cybercriminals targeted computer system that controls the heating of two building in the city of Lappeenranta, Finland. The attack was a DDoS attack that primarily used IoT devices.

The attackers directed massive traffic to heating controllers that later put the systems in a reboot loop which resulted in a situation where heating couldn’t kick in. In a place where usually the temperature goes below 0 degree Celsius by the end of every year, this kind of attack is serious and might lead to some critical medical emergencies.

Jeep Carjacking

In July 2015, two security researchers Charlie Miller and Chris Valasek hacked and took over a car. The entire event was a demo that showed how vulnerable the system was. The demo was carried out with the help of a volunteer victim who was driving a Jeep Cherokee at 70 mph when the security researcher hacked the vehicles CAN bus and exploited the firmware update vulnerability.

The worst part is that when Miller and Valasek took over the car, they discovered something which was really serious — they could not only make the car go fast and slow, but they could also make the car veer off the road.

This demo definitely shows how emerging Internet of Things (IoT) hacks are getting vital day by day and it is high time that companies need to come up with more secure systems if they want to deliver value to people without compromising their security, privacy, and lives.

Way Forward

Given the recent spate of events, it is completely clear that both the user and developer has to be concerned. From the users’ end, it is advised to do some serious research before buying an Internet-connected product. And from the developer’s end, it is imperative that the devices go through every possible test and make sure it is secure enough before pushing it out into the market.

Zeen is a next generation WordPress theme. It’s powerful, beautifully designed and comes with everything you need to engage your visitors and increase conversions.

More Stories
Dharavi gets its first IoT connected market to let shoppers have an informed choice