What Hackers Like about the Internet of Things
Big companies and small companies alike continue to popularize the term “Internet of Things” (or “IoT’ for short). IoT refers to the continuously growing and expanding use of sensors imbedded in products that send and receive information via the internet. You do not just have lightbulbs now; you have smart lights such as Philips Hue. With Hue smart lights, you can control the brightness and color of your lights right from your cell phone or by voice, so much more than “Clap on. Clap off.” If you watch TV you cannot miss the current ad campaign from GE designed to inform us that GE is hiring an army of software engineers because all of its products will soon be connected to the internet communicating vast amounts of information about their products—the internet of things. Now, it makes a great deal of sense that GE would want to hear regularly from all of its GE90 jet engines powering Boeing 777s around the world. At a price tag of $24 million each and the awesome responsibility of keeping massive airliners aloft and safe, sensors communicating the status and operating conditions of its engines make perfect sense. Such sensors help engineers better maintain and service these massive and complex machines. However, the bulk of the IoT expansion is at a much less complex and essential level.
Recently, a friend of mine was complaining that ever since he purchased a new refrigerator from Samsung it just keeps bothering him to set up a WiFi connection for it because the fridge wants to connect back to the factory and to people in the home to share information it is gathering from its sensors. The problem with this massive proliferation of sensors all communicating across the internet is that they are not necessarily secure from hackers. It may not be obvious what a hacker would want to do with information about how often you open your fridge door and at what times of day, but there is more than just the information flowing back and forth. In fact, hackers may want personal information and habits gleaned from your behavioral data so they can determine the best time to rob your house. Moreover, the IoT devices need to use your WiFi in some cases, exposing your network to hackers if the security is not set up properly. Recently at DefCon, the premier hackers conference, a team discovered that with a simple hack on the Samsung Fridge that was using Google Gmail Calendar on its display, they could get the users Gmail credentials and login information. With the Gmail credentials, hackers would then have access to email and other information.
Additional alarming hacks against the internet of things are so called botnet attacks (botnet stands for “robot network”.). During botnet attacks, hackers deploy malicious software that lets the hacker take control of thousands of sensors that are connected to the internet. The hackers can use their army of bots to mount massive attacks against the internet that overwhelm the internet computers, eventually shutting the whole network down. Last year in October, hackers mounted the so-called “dyn” attack. They had taken control of internet connect devices such as baby monitors, printers and cameras and launched the largest internet attack in history, knocking down the internet in parts of North America and Europe.
At a more intimate level hackers have demonstrated the ability to hack internet enabled automobiles. For example, hackers demonstrated the ability to hack a 2014 Jeep Cherokee, remotely disabling the brakes and transmission of the automobile. Other hackers demonstrated the ability to remotely start and unlock cars from GM, BMW and Mercedes Benz. One of strangest hacks was the infiltration of an internet-enabled sniper rifle where the hackers could take control of the computer controlled sight and make the shooter think she was aiming at one thing but really was aiming at something else.
The internet of things surrounds us and is growing more rapidly each year. There are literally billions of remote sensors connected to the internet sending information to manufacturers and consumers. The convenience of remote control and connectivity for the consumer and the benefit to designers and engineers to make better and safer products is clear. However, the IoT has also brought with it a whole host of new security issues that need to be addressed. Hackers now have a veritable playground to explore with new devices coming online every day that have not employed.