We’ve already seen plenty of cases where hackers have exploited security holes in the Internet of Things. The results can be quite serious, and sometimes downright terrifying.
What most of these cases have in common, however, is that they could easily have been avoided if security had been a bigger priority.
1. Remotely steered a car off the road
In 2015 a major automobile brand had to recall 1.4 million vehicles after security experts proved you could gain access to critical functions through the car’s infotainment system, which was insecurely connected to the internet.
The technology magazine Wired had a journalist drive the car, while the « hackers » remotely controlled the washer fluid, windshield wipers, and eventually gained full control of both brakes and steering.
The car ended up (safely) in a roadside ditch, but under less controlled circumstances, the results could have been significantly worse. If the infotainment system had been separated from the more important functions of the vehicle, millions of dollars could have been saved. This clearly illustrates the dangers of open networks.
2. Malmö’s PR nightmare
The Swedish municipality of Malmö were probably not expecting that a screen displaying public information by the train station would turn out to be a PR nightmare. They cut some corners on security, and used a regular unsecured internet connection to control the display. Nobody figured something this harmless would prove any sort of security risk.
Despite this, hackers quickly managed to change the address of the built-in media player, and had it display explicit content instead of train timetables. Suddenly Malmö was in the news worldwide, but for far different reasons than they might have wished.
3. Hacked workout webcam
When cameras were installed in the workout premises for professional athletes in Trondheim, the reasoning was to help them better evaluate and improve their exercises. Because the network was improperly secured, hackers managed to gather large amounts of video footage, and used odd angles and editing to give it a sexual character. The clips were then all shared on websites with far murkier intent than professional sports.
WiFi-connected cameras are actually amongst the most at-risk technology, andan experiment showed just 98 seconds online were needed before such a camera was infected with harmful malware.
4. Strange man gained access to baby monitor
When a small boy in Washington told his parents he was scared to go to bed because someone would talk to him at night, at first they didn’t believe him. It turned out, however, that somebody had hacked into the unsecured baby monitor in the boy’s room.
Strangers online had gained full control of the monitor, including the camera, and would comment on things happening in the room to scare the little boy. Understandably enough, this was a terrifying experience for the child, and not exactly great PR for the brand behind the baby monitor.
5. Shutdown of a Ukraine power grid
2016 was the first time somebody managed to pull through a major scale attack on power grid infrastructure, and gained enough access to shut the entire thing down. This happened in a region of Ukraine, and Russia was immediately suspected to be behind the attack. Smart grids and other devices that tie the grid to the internet makes it much easier to hack, and can as a result have entire cities turn dark.
Just during the period 2011-2014, the US Department of Energy were on the receiving end of 150 successful (though smaller) attacks, because hackers had gained admin rights to important networks. We can easily picture worst case scenarios when these networks are used for things like nuclear power plants.
All this clearly illustrates how security should be priority number one when connecting things to the internet, and the dangers will just grow more pronounced in the future. That’s when it’s important to be prepared, to make sure it’s as difficult as possible to gain unauthorized access to your important networks.
Want to learn more about IoT security?
Download our white paper and learn more about other important aspects of security. (In English)