When you think security, you think advanced malware protection, firewalls, and recognizing phishing email. You don’t think that your car or medical device could be the next hacking target. Such is the case with many security professionals who were introduced to several ways to hack IoT devices.
Hacking Cars and Disabling Breaks
One of the most disturbing revelations this year was the proof of concept from security experts during Defcon. These security experts showed how they could hack several car models including Teslas, Jeep, Corvettes, BMW and Mercedes Benz. The hacks gave attackers access to anything from turning on the car engine to turning off braking systems remotely.
With the Jeep hack, attackers were able to disable both the transmission and the brakes. The issue was so severe that Fiat Chrysler recalled over 1.4 million cars and sent out USBs with patching directions to its customers.
Hacking Medical Devices with Deadly Consequences
Disabling brakes in a car may pose indirect deadly consequences, while the threats against medical equipment have a direct impact that could result in death of the patient.
The first vulnerability was found in pacemakers and actually was brought to the attention of the medical doctor who implanted a pacemaker into Dick Cheney. The attacker was able to hack into the wireless connection in a dummy used to simulate the event. The attackers were able to speed up the pace and slow it down, which eventually killed the dummy patient.
Pacemakers weren’t the only vulnerable medical devices. Hackers were able to breach the equipment used to drip drugs into a patient in the hospital. They could increase or reduce the dose, which potentially could kill the helpless patient. These infusion pumps are the backbone for diabetes insulin injections, so it’s become a priority in the medical field to secure these devices. The fixes for these devices could then be used to repair and patch other vulnerable devices.
Other Hackable IoT Devices
Some other notable devices were cracked this year, although the consequences are far less severe than the previous section’s equipment.
The first notable IoT device was the new Barbie doll from Mattel. Mattel added Wi-Fi connectivity to allow parents and children to connect the doll with a smartphone or tablet. Hackers were able to prove that the app could be breached and spoofing was possible. They were also able to hijack the recordings made by parents and children stored in the cloud.
The new Samsung smart refrigerator was also shown to have major vulnerabilities. The device connected to Google calendar, but it failed to validate SSL certificates. This left users’ Gmail credentials open to eavesdroppers who were able to pick up the device’s connection.
Hackers were also able to even take control of a sniper rifle’s aiming scope system.
With these new threats, next year should see some promising security efforts to protect these devices from future malicious attacks. While the threats are still just exposed for testing purposes, it shows that these devices need added efforts to protect them from malicious attacks.