Some clever hackers found new ways to use the smart devices surrounding us, according to a report published last week by UK-based cyber-defense company Darktrace.
The report, entitled the Darktrace Global Threat Report 2017, contains nine case studies from hacks investigated by Darktrace, among which two detail cyber-incidents caused by IoT devices.
Smart drawing pads used for DDoS attacks
In one of these case studies, Darktrace experts reveal how an unknown hacker had hijacked the smart drawing pads used at an architectural firm to carry out DDoS attacks as part of an IoT botnet.
The hacker had used the default login credentials that came with the design pad software to take over the devices, which the architectural firm had connected to its internal WiFi network and left exposed to external connections.
"An attacker scanning the internet identified the vulnerable smart drawing pads and exploited them to send vast volumes of data to many websites around the world owned by entertainment companies, design companies, and government bodies," the report reads. "Involvement in the attack could have legal implications for the firm had their infrastructure been responsible for damaging another network."
Smart fish tank used to hack North American casino
Another case where attackers leveraged a smart device was at a North American casino. Darktrace says that an unknown hacker had managed to take over a smart fish tank the casino had installed at its premises for the enjoyment of its guests.
In spite of the fact that the fish tank was installed on its own VPN, isolated from the rest of the casino's network, the hacker managed to break through to the mainframe and steal data from the organization.
"The data was being transferred to a device in Finland," says Darktrace. "No other company device had communicated with this external location."
"No other company device was sending a comparable amount of outbound data," experts added. "Communications took place on a protocol normally associated with audio and video."
In total, the hacker managed to steal over 10GB of data by siphoning it off via the IoT fish tank.
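The signals quoted above (a destination no other device contacted, outbound volume no other device matched, an unusual protocol) can be checked against flow records. The following is an added example, not Darktrace's method or code from the report; the flow records, device names, the `media-stream` label and the 10x threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed flow records: (device, external destination, protocol label, bytes out).
# Addresses come from documentation ranges; names and labels are hypothetical.
FLOWS = [
    ("workstation-1", "203.0.113.10", "https", 120_000_000),
    ("workstation-2", "203.0.113.10", "https", 95_000_000),
    ("workstation-2", "203.0.113.25", "https", 30_000_000),
    ("workstation-3", "203.0.113.40", "https", 400_000_000),
    ("fish-tank", "203.0.113.50", "https", 2_000_000),
    ("fish-tank", "198.51.100.77", "media-stream", 10_500_000_000),
]

def find_exfil_candidates(flows, volume_factor=10):
    """Flag (device, destination) pairs where no other device contacted the
    destination AND the bytes sent exceed volume_factor times the median total
    outbound volume of the other devices. Each finding also records whether
    the protocol is one that no other device used."""
    dest_devices = defaultdict(set)   # destination -> devices that contacted it
    proto_devices = defaultdict(set)  # protocol -> devices that used it
    device_total = defaultdict(int)   # device -> total outbound bytes
    pair_bytes = defaultdict(int)     # (device, destination, protocol) -> bytes
    for dev, dest, proto, nbytes in flows:
        dest_devices[dest].add(dev)
        proto_devices[proto].add(dev)
        device_total[dev] += nbytes
        pair_bytes[(dev, dest, proto)] += nbytes

    findings = []
    for (dev, dest, proto), nbytes in pair_bytes.items():
        peers = [total for d, total in device_total.items() if d != dev]
        if not peers:
            continue  # no other devices, so no baseline to compare against
        unique_dest = dest_devices[dest] == {dev}
        high_volume = nbytes > volume_factor * median(peers)
        if unique_dest and high_volume:
            findings.append({
                "device": dev, "dest": dest, "protocol": proto, "bytes": nbytes,
                "rare_protocol": proto_devices[proto] == {dev},
            })
    return findings

if __name__ == "__main__":
    for finding in find_exfil_candidates(FLOWS):
        print(finding)
```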
Other hacking scenarios detailed in the Darktrace report include the case of a US insurance company that had its servers hijacked by a cryptocurrency miner, and several cases of insider threats, in which companies were hacked by former or current employees.
Image credits: Darktrace
Comments
BeckoningChasm - 6 years ago
The idea of putting every single thing on a network is getting ridiculous. Why does a fish tank need internet access?
polizeros - 6 years ago
Security needs to be baked into IoT devices. Right now, it's barely an afterthought.
P3PP3R - 6 years ago
There is absolutely no hope for IoT devices to become secure. Most people have no clue what that nagging little message about renewing their antivirus means on their computer and have no protection on their phone.
I can't imagine them going all out to secure their toaster, washing machine, refrigerator and apparently fish tank.
Best I can come up with is that the makers of IoT devices put the code they need in there and fill the rest up with crypto mining bot software (making them $ so they will be inclined to take care of it), and make it so full and so busy that there is no room or time for it to be compromised. Yeah, I know there is a flaw in that plan.
NickAu - 6 years ago
"Why does a fish tank need internet access?"
Some of those fish tanks are worth big money and the fish can be worth even more, and can be difficult to maintain by novice fish keepers. I bet the data from the smart tank was being monitored off site by the local aquarium specialist. They are lucky the hacker didn't mess with the heaters and such; they could have lost all their fish.
This fish is worth $300,000
http://nypost.com/2016/06/05/this-fish-is-worth-300000/
Something like this can easily be worth over $1 000 000, and with that kind of money on the line a few dollars on security would have been a safe bet.
https://www.youtube.com/watch?v=j91p_gTJgdQ