The Worst and Weirdest IoT Hacks of All Time
As global reliance on the internet grows, IoT devices are working their way into every facet of our daily lives.
According to Gartner, there will be more than 20 billion IoT devices by 2020 and as many as 75 billion connected IoT devices by 2025. Unfortunately, the safety and integrity of these devices are still widely ignored, and there are more and more cases of them being hacked and used as part of a botnet.
“Things that were once the plot for a science fiction movie, such as household appliances being hacked and turned against humanity, have now become a reality. IoT hacking can be extremely effective, producing DDoS attacks that can cripple our infrastructure, systems, and way of life,” says Daniel Markuson, the digital privacy expert at NordVPN. “If you have multiple devices connected to the same network in your home or office, and a hacker gets access to one device, they could break into all of them.”
According to NordVPN’s digital privacy expert, even though it’s hard to believe that a baby monitor or a seemingly simple toy can do significant harm, it’s no longer only computers or smartphones that are at risk of cyberattacks. Take a look at these crazy examples of IoT hacking and vulnerabilities recorded in history:
A thermometer in a lobby aquarium
It always seems that casinos are some of the most secure organizations in the world, but they can be hacked as well. A few years ago, a group of hackers used a rather unconventional method to break into a casino. They managed to access its network via an internet-connected thermometer in an aquarium and extract its high-roller database with all sensitive details.
Parents' nightmare: hacked baby monitor
Baby monitors started as simple one-way radio transmitters and evolved into sophisticated Wi-Fi-enabled smart devices with cameras, infrared vision, and other features. However, like everything IoT, those devices can be hacked as well. Late last year, a family from the US experienced a real nightmare. A hacker got into the wireless camera system used to keep an eye on the baby and threatened to kidnap him. This case is not an exception. There are several reported incidents of strangers' voices being heard over baby monitors.
Hackable sex toys
Last year, researchers from the tech firm SEC Consult announced that the private sex life of at least 50,000 users had been exposed by a sex toy, the ‘Vibratissimo Panty Buster.’ Multiple vulnerabilities put at risk not only the privacy and data but also the physical safety of the owners. All customers’ data was accessible via the internet in such a way that explicit images, chat logs, sexual orientation, email addresses, and passwords were visible in clear text. But that’s not the worst part. The ‘Panty Buster’ toys could be hacked to remotely inflict sexual pleasure on victims without their consent.
A spy in your own home
Earlier this year, CNN managed to access a variety of camera feeds using Shodan, a search engine for IoT devices. One of the feeds showed a family in Australia and its daily routine, while other cameras captured a man in Moscow preparing his bed and a woman in Japan feeding her cat. All of them seemed unaware of the fact they could be watched through a camera in their own room. According to CNN, none of the cameras had had security checks, and all were open to anyone who knew the right address.
Insecure home thermostats
In 2016, hackers left the residents of two apartment buildings in Lappeenranta, Finland in freezing cold for nearly a week by launching a DDoS attack on their environmental control systems via thermostats. Because both the central heating and hot water systems were attacked, the environmental systems were rebooted in their attempt to fight off the attack and got stuck in an endless loop.
Hackable medical devices
In 2017, the US Food and Drug Administration (FDA) confirmed that St. Jude Medical’s implantable cardiac devices could be easily hacked. Such devices are usually used to monitor patients’ heart functions and control heart attacks. However, due to transmitter vulnerabilities, hackers could control shocks, administer incorrect pacing, and deplete the battery. And it’s not the only time when the FDA issued similar warnings. Earlier this year a new alert was issued on the security of Medtronic insulin pumps, which hackers could remotely access and control.
The spying doll Cayla
In 2017, Germany banned the interactive doll ‘My Friend Cayla’ because it contains a “concealed surveillance device.” According to the researchers, hackers can use an insecure Bluetooth device installed in the toy to listen and talk while a child is playing with it. This interactive doll opens ways for hackers to use its cameras and microphones to see and hear whatever Cayla does. The Cayla companion app also encourages children to share their parents’ names, what schools they go to, and where they live.
Backseat driver of your jeep
Back in 2015, a team of researchers was able to take total control of a Jeep SUV. By exploiting a firmware update vulnerability, they hijacked the vehicle and made it speed up, slow down, and veer off the road - almost a scene from Fast and Furious. Luckily, this time, it was a team of researchers and not a real hacker. Four years later, we are still dreaming about autonomous cars, but many of the previous vulnerabilities still haven’t been addressed.
How to stay safe?
Internet-connected devices make our lives easier. However, most of them lack the security features that are standard in computers, tablets, and even smartphones. That’s why, according to the digital privacy expert Daniel Markuson, before acquiring a new IoT device and bringing it home, you should always consider whether it really benefits you.
“Of course, it doesn't mean that, if something can be hacked, it will be. Many of these cases are still theoretical, but staying cautious can do harm. If you have a smart device at home or work, read more about it and use network security technologies. Strong passwords and authentication methods reduce the risks as well,” says Daniel Markuson, digital privacy expert at NordVPN.