Smart devices are coming under increasing scrutiny. Why, you ask? Very few of them have any security at all, and the ones that do tend to have only the most rudimentary security protocols in place, which presents almost no challenge to even a novice hacker. As such, they’re the perfect attack vehicle.
You’ve probably heard about botnets. These are armies of enslaved devices controlled via malware by hacker groups primarily used to launch DDOS attacks like the one that brought the internet to its knees on the east coast of the US last year.
Recently, the UK security company Darktrace has published a report entitled “The Darktrace Global Threat Report 2017,” in which they present nine different case studies illustrating how hackers can use a wide range of smart devices in their attacks.
In one case study, smart drawing pads used by an architectural firm were coopted by unknown hackers, incorporated into a botnet, and used to launch a number of DDOS attacks against a variety of targets.
In another, a smart fish tank tied to an American casino’s network was used to gain a foothold, and breach further into the casino’s system. In that particular case, the hacker was able to make off with more than 10GB of data, siphoning it through the fish tank to a server in Finland. This happened in spite of the fact that the fish tank was on its own VPN and isolated from the rest of the casino’s network.
It’s a fascinating and disturbing report that underscores the large and growing danger posed by the rapidly expanding Internet of Things. In addition to the examples outlined in Darktrace’s report, the FBI has also issued a warning about the amount of data that smart toys can collect on children and their parents, with the fear being that it could be used to steal a child’s identity, or worse, arrange abductions. Forbes says, “Interactive toys that connect to the internet are more popular than ever, and understanding the privacy and security risks they bring is anything but child’s play.”
If that wasn’t enough, one doesn’t have to look back far to find instances of ransomware being installed onto smart medical devices, potentially putting lives at risk. Until and unless we start demanding more from smart device manufacturers, this problem is only going to get worse.