Three stories about IoT hacking

Internet of things (IoT) is a concept that is slowly gaining momentum in popularity. The idea is about connecting your household appliances and other electronic objects to internet.

The potential uses for IoT technology are endless. For example, if your washing machine develops some problems, it could send the report to the manufactures. Likewise, the IoT technology may enable you to remotely switch on your heating to prepare for your arrival on a cold winter day. Or a local municipality may employ the IoT technology to have a smart automated road traffic control network.

Although there are many potential benefits of IoT, by being connected to internet, the technology opens itself to being hacked. In this article, we will not argue about strength or weaknesses of anti-hacking security of Internet of Thing; we will save this for another time. Instead, we will provide 3 real-life examples of successful hacks on IoT.

Let’s begin.

1. Traffic control hacking in Michigan City

University of Michigan has conducted an experiment to see how easy it is to hack into a smart traffic light network. In fact, it wasn’t hard and the only tools they needed were a laptop and an easily available radio transmitter.

As the team of researches has found, the wireless communication between the traffic lights network and the Road Agency had a very week security. All transferred information was easily readable by anyone who knows what they are doing, including user names and passwords.

However, this wasn’t the end of the story. There were plenty of debugging ports at street level and the team has found that it was possible to connect to them and gain full control by only using two wires. This had significant implications, as hackers who use this techniques are able to then control traffic lights as they see fit, causing a lot of chaos in the process.

2. Disabling brakes of a car

Two security experts have discovered several vulnerabilities in a variety of computerized cars and have developed a software which is capable of disabling car breaks.

Andy Greenberg, a journalist from Forbes, took part in an experiment where he was driving Ford Escape, while one of the security experts had his old Mac Book plugged into the data port.

At one point, Andy Greenberg tried to apply brakes to slow the car down. The only outcome of this action was a grinding noise coming from the pedal; otherwise the car didn’t react at all.

This was not the only hack done by the team and not the only model of a car hacked. They have later demonstrated to the journalist how the software tool that they have developed was capable of randomly beeping horns and forcefully applying brakes at high speed. The other car that they have successfully hacked is Toyota Prius and the thing that both of these models have in common is that both of them were made in 2010.

Chances are that the manufacturers have already taken note and have fixed many of the vulnerabilities; however there is also a good chance of somebody else finding new vulnerabilities in new technologies.

3. Hacking your home network through you TV

Two scientist from New York Security Lab have successfully demonstrated that a smart TV can be turned into an ultimate account-hijacking machine with an aid of a relatively inexpensive radio transmitter. This exploit is known as “red button attack”, named after a button on TV remote controls, which enables the viewers to access additional content.

A vulnerability was discovered in Hybrid Broadband Broadcast Television (HbbbTV) system. The vulnerability can accept HTML input sent to it via the radio signal, which enables the hackers to take over any accounts that the user is logged in on the TV to post spam and fake reviews. In extreme cases, a hacker would be able to change your account password and take over your account completely.

A radio transmitter costing under £200 was found to be capable of targeting thousands of devices within an area of 0.5 square miles. And the scariest thing that was found is that such attack was undetectable, as HbbbTV receiver doesn’t directly communicate with the network.

Conclusion

As these examples demonstrate, many IoT devices are not being designed with security in mind, so as consumers, we need to take certain precautions when using them.

Luckily, all of the above examples were done in in the lab and not by the actual hackers. All of the experts talked about here have stated that any devices that is connected to the internet should be treated as a computer and protected accordingly.

And those are not the only examples, so the industry is now waking up to these facts. Therefore we are to expect more future IoT technology to be as secure as our personal computers. In the meantime though, be wary of any consumer-grade IoT gadgets and thoroughly review them before the purchase.