IoT Crimes

28 Feb IoT Crimes

Posted at 19:24h in Blogs by Di Freeze

IoT Crime Diary

Q3 2017

IoTCrimes.com — sponsored by Pwnie Express — provides business and technology executives, chief information security officers (CISOs), IT security teams, and the cyber community with a quarterly diary of noteworthy Internet of Things (IoT) hacking and breach activity, and the latest innovations aimed at thwarting IoT crimes.

Are IoT devices weapons of mass disruption?

Completely hackable homes are being powered by IoT devices

– Brad Casey

Menlo Park, Calif. – Oct. 3, 2017

‘The Big Data Bang’ is an IoT world that will explode from 2 billion objects (smart devices which communicate wirelessly) in 2006 to a projected 200 billion by 2020, according to Intel.

Gartner forecasts that more than half a billion wearable devices will be sold worldwide in 2021, up from roughly 310 million in 2017. Wearables includes smartwatches, head-mounted displays, body-worn cameras, Bluetooth headsets, and fitness monitors.

ABI has forecasted that more than 20 million connected cars will ship with built-in software-based security technology by 2020 — and Spanish telecom provider Telefonica states by 2020, 90 percent of cars will be online, compared with just 2 percent in 2012.

Hundreds of thousands — and possibly millions — of people can be hacked now via their wirelessly connected and digitally monitored implantable medical devices (IMDs) — which include cardioverter defibrillators (ICD), pacemakers, deep brain neurostimulators, insulin pumps, ear tubes, and more.

That spells a whole lotta IoT growth, and hacking activity, in the latest IoT Crime Diary.

September

Sep. 26. Due to the battery life problems inherent in man IoT devices, Cypress has deployed a solution. Cypress Semiconductor announced a new chip that provides portable IoT devices with low-power Bluetooth and Wi-Fi connectivity.

Sep. 25. SPYRUS, Inc. announces a partnership with Microsoft that will reportedly result in more secure IoT devices as SPYRUS will assist with encryption and authentication mechanisms.

Sep. 20. Leading hygiene company Essity will be teaming with Microsoft to better market its hygiene and health products to IoT customers. Essity will be taking advantage of Microsoft’s Azure platform.

Sep. 21. The idiocy of things? This author notes how different vendors may utilize proprietary IoT technology to trap consumers into using their product exclusively.

Sep. 19. In an effort to better secure IoT devices, the Trusted IoT Alliance is created as a way of standardizing a blockchain protocol. Among the companies involved in the Alliance are isco, Gemalto, and U.S. Bank.

Sep. 15. According to one bureaucrat within the Indian government, the IoT industry will result in approximately 10 to 15 million jobs in the next few years. The bulk of these jobs will reportedly be created by startups.

Sep. 14. The Atlanta Chamber of Commerce is attempting to make Atlanta a hub for IoT technology. They have implemented a task force whose mission is to recruit IoT startups.

Sep. 12. According to one U.S. senator, IoT devices could pose a national security risk, as each device may be used as a “weapon of mass disruption.”

Sep. 12. The Industrial Internet of Things (IIoT) industry is becoming increasingly dependent on mobile applications. For example, video teleconferencing apps allow remotely located individuals to monitor hazardous areas.

Sep. 12. Frost & Sullivan bestows an award on DigiCert for its widely acclaimed efforts at securing IoT devices. DigiCert is a leader in providing authentication and encryption solutions.

Sep. 11. China’s Internet of Things market has grown in excess of $140 billion. Many within the computing industry expect China to be a global leader in the IoT industry.

Sep. 11. The Internet of Things may help America unleash its full manufacturing potential as many researchers in government, academia, and private industry are examining ways to implement IoT.

Sep. 11. T-Mobile is planning to launch its narrowband, IoT network by mid-2018. The end goal is to help IoT customers bring their products to market faster.

Sep. 7. One researcher lists some jaw dropping facts about the IoT industry. Making the list is the fact that the IoT market size is measured in the trillions.

Sep. 6. The Indian, state-owned, Bharat Sanchar Nigam Limited enters into an agreement with U.S. based Coriant to lay the groundwork for a 5G cellular network in combination with a new IoT network.

Sep. 5. In order to see maximum growth within the IoT industry, cutting edge optics must be utilized. One researcher discusses the advantage of fiber optics over cameras.

Sep. 1. One researcher gives suggestions regarding how to secure IoT devices. The author lists such low hanging fruit as changing default passwords, and implementing encryption keys.

Sep. 1. Oracle decides to infuse its IoT Cloud platform with artificial intelligence that will be able to provide business with more detailed information. Among the services that will be available is greater visibility into the supply chain.

August

Aug. 31. The British telecommunications company, Vodafone, has implemented the early stages of a narrowband Internet of Things network in Ireland. The end goal is to link millions of devices that require low amounts of throughput such as parking spaces and trash bins.

Aug. 31. The Internet of Things may revolutionize how senior care is practiced, says some professionals within the assisted living industry. Much of the technology currently used, such as pacemakers, will allow for remote diagnoses which will increase the speed of care.

Aug. 31. In an interesting twist on the Internet of Things, Oracle teams with Mitsubishi – not to create a smart automobile – but to create a platform that assists with smart manufacturing.

Aug. 30. According to the CIO of Arizona State University, implementing IoT on the campus level provides a lot of insight into what one can anticipate on a more macro level.

Aug. 27. The Industrial Internet of Things (IIoT) has made great strides in various industries to include automotive and healthcare. However, one researcher says that the true power of IIoT will not be realized until Machine Learning becomes more advanced.

Aug. 25. VMware and ADLINK Technology team up to make an end-to-end IoT solution that will make IoT technology faster and more efficient.

Aug. 22. According to one survey, many corporate executives have incorporated IoT into their strategic roadmaps, but many are unsure how to proceed further.

Aug. 22. The city of Buffalo joins a growing list of municipalities that are incorporating a city wide IoT network. The network is the result of a partnership between Sigfox and the University at Buffalo.

Aug. 16. Many within the security industry consider IoT medical devices to be one of the main attack vectors that security professionals should consider thoroughly. The main culprit seems to be legacy devices with dated operating systems.

Aug. 14. As homes get smarter via smart devices, plenty of accoutrements are afforded to the family. However, have we thought through all of the ramifications of the smart home.

Aug. 7. According to multiple surveys, many companies that attempt to incorporate IoT into their environments consider their efforts to be failures. Those that found success took some very deliberate steps.

Aug. 2. Two senators introduce legislation that would theoretically help secure the Internet of Things. The bill would reportedly set minimum security standards for vendors attempting to sell IoT devices to the government.

July

Jul. 31. Samsung’s IoT platform, Artik Cloud, has allowed Samsung to monetize various IoT devices. Artik Cloud allows manufacturers to provide support for third-party applications and devices.

Jul. 28. According to some within the security industry, most CISOs don’t know how to secure the distributed nature of IoT. However, one method known as blockchain may provide the answer.

Jul. 24. Some within law enforcement are warning the everyday consumer to be careful when purchasing IoT devices for the home. This comes on the heels of a report that indicated that British spy agencies, in conjunction with the CIA, turned various Samsung devices into bugging devices.

Jul. 18. The Bluetooth Special Interest Group announces the arrival of the Bluetooth mesh network. This new network will allow Bluetooth devices to communicate with multiple other Bluetooth devices simultaneously.

Jul. 18. Comcast announces that it has plans to deploy an Internet of Things network in 12 different cities. The network will cover roughly 50% of each city.

Jul. 18. Security researchers have found a bug that could be used to exploit thousands of IoT devices around the world, to include security cameras. The vulnerability could allow nefarious individuals root access to said devices.

Jul. 17. The FBI issues a warning against Internet connected toys. According to law enforcement, many Internet connected toys are indirectly spying on kids via voice recognition.

Jul. 17. One industry that stands to profit from the proliferation of the Internet of Things is the chip industry. Consequently, Intel, the world’s largest semiconductor producer stands to reap sizable financial benefits.

Jul. 14. Some within the real estate industry are saying that the Internet of Things is on the verge of creating a major disruption in the corporate real estate market. According to some, many buildings will be able to report data about their structural health, and make said data available online.

Jul. 12. The platform known as the IBM Watson IoT has been named a leader in the IDC Marketplace. Watson is used across 6 continents by thousands of clients.

Jul. 12. One innovative application for IoT devices is for pest control. Among the methods used for this application is the smart rat trap.

Jul. 11. While the Internet of Things is resulting in significant amounts of innovation, it may behoove some to pause and think about the risk involved with incorporating IoT into daily lives – especially in terms of healthcare information.

Jul. 11. Enterprise software company, SAP, forms a partnership with energy company Centrica. The partnership is an effort to provide Centrica connectivity through the Internet of Things.

Jul. 10. If one were interested in investing in stocks that involve IoT, one may be well served to invest in these 3 stocks.

Jul. 10. In terms of healthcare within rural areas, IoT may prove to be revolutionary as it will allow for remotely located healthcare providers to remotely diagnose individuals wearing smart devices.

Jul. 6. According to one report, Dish Network and Amazon are negotiating a joint effort to create a wireless Internet of Things. The talks are still in their infancy, but some within the industry see a massive effort in the future.
Jul. 5. Xiaomi and Nokia are teaming up to develop various smartphone add-ons which will include IoT functionality.

Stay tuned for the Q4 2017 IoT Crime Diary.

– Brad Casey is a freelancer writing about any and all things IT and cybersecurity related.

Q2 2017

IoTCrimes.com provides business and technology executives, chief information security officers (CISOs), IT security teams, and the cyber community with a quarterly diary of noteworthy Internet of Things (IoT) hacking and breach activity, and the latest innovations aimed at thwarting IoT crimes.

SECOND EDITION

IoDT is more like it

Internet of Dangerous Things: DVRs, teddy bears, industrial robots, webcams, and more

– Brad Casey

Menlo Park, Calif. – Jul. 2, 2017

Cyber threats have evolved from targeting and harming computers, networks, and smartphones — to people, cars, railways, planes, power grids and anything with a heartbeat or an electronic pulse.

What Things are being hacked today? PCs, laptops, tablets, smartphones, medical devices, kitchen appliances, thermostats, TVs, wristwatches, pet collars, webcams, thermostats, you name it.

The second edition of our IoT Crime Diary continues to sheds light on a potential future apocalypse of Things, and the innovations that can prevent that from happening.

June

Jun. 22. A study conducted by AT&T indicates a 458% increase in vulnerability scans of IoT devices. Hackers are constantly looking for vulnerable devices.

Jun. 13. According to some security experts, IoT devices are a danger to networks even without attackers attempting to hack the devices. Some devices utilize firmware that is so old that the software can’t be updated to talk to newer operating systems.

Jun. 12. The Chinese company known as Shenzhen Foscam released a statement indicating that many of the remote-controlled video cameras that it sells may be vulnerable to cyber attack. Up to 18 vulnerabilities were identified.

Jun. 9. According to the Pew Research Center, a survey of 1,200 experts reveals that 15% of said experts expect a large number of people to withdraw from connected life due to the lack of security in IoT devices.

Jun. 9. The Norwegian Consumer Council discovers that a children’s doll is connected to the Internet and recording what children say. The data is subsequently sent to a U.S. company.

Jun. 8. A study released by Cisco states that DDoS attacks increased by 172% in 2016. The release of this study follows the release of their new IoT Threat Defense Security Architecture.

Jun. 7. One expert weighs the risk when making the decision to purchase IoT devices. He poses the question, “Do the benefits of an Internet-connected coffee maker really outweigh its security issues?”

Jun. 6. According to NexusGuard, the proliferation of IoT devices will result in an increase of botnet activity in 2017, as this new attack vector provides a rich variety of vulnerable Internet connected devices.

Jun. 1. At the Dubai IoT Expo, attendees focus on a 2-pronged strategy toward being secure within an IoT environment: Emphasize security, and encourage more openness with data.

May

May 25. According to a report released by NTT Security, 60% of all DDoS attacks originating from IoT devices originated from Asia in 2016.

May 25. Security experts at Palo Alto Networks discuss penetration testing networks that contain IoT devices. They discuss the difficulties in properly assessing networks that have devices outside of the enclave.

May 24. Flash networks releases a new network-based solution, xtraArmor. Its purpose is to protect, among other things, IoT devices.

May 23. At first deemed unusual by many business analysts, the partnership between Amazon and Dish Network may prove to be a master stroke as Amazon seeks to delve deeper into the Internet of Things.

May 22. At IoT Week 2017 in Geneva, security experts will gather together to discuss topics such as privacy, the impact of new EU regulations, and emerging trends and technologies.

May 19. According to security experts at Avast, the hacking of home routers has become a major problem. If end users discover that their home router has been hacked, they recommend throwing it away and purchasing a new one.

May 18. The recent attack against the UK’s National Health Service highlights the need to secure IoT devices. Security experts anticipate 22.5 billion IoT devices with active Internet connections by the year 2021.

May 18. A sixth grader from Austin, TX displays his hacking prowess by hacking into Bluetooth devices to control his robotic teddy bear. The demonstration was performed at the World Forum in The Hague.

May 16 Japanese security officials indicate that securing IoT devices has become a real problem for Japanese cyber infrastructure. Approximately 600 Japanese IP addresses were targeted in the most recent ransomware attack.

May 15 This security expert discusses how the Internet of Things can affect today’s connected automobiles. Web servers that connect to the apps within a vehicle may be used for nefarious purposes.

May 15 Security researchers talk about the need for more IoT researchers and defenders. Many of the IoT devices that are connected to critical infrastructure were created before anyone understood existing vulnerabilities.

May 13. In a stroke of genius, a British security expert discovers a kill switch in a major cyber attack against the NHS. He discovered that when the malware iterates through its code, it first checks to see if the domain that it throws at a target actually exists. If it does, the malware ceases to execute.

May 12. A large scale cyber attack seriously impacts the UK’s National Health Service. The attack seems to have originated from IoT devices.

May 8. Author calls for a cultural change as it pertains to our approach to securing IoT devices. More vigilance is called for when it comes to things like default passwords.

May 8. Japan’s Internal Affairs and Communications Ministry will provide security ratings to IoT devices in an effort to provide consumers with more information.

May 4. TrendMicro discovers 83,000 industrial robots are Internet facing, and vulnerable to attack. This has been deemed yet another IoT attack surface.

May 3. White Hat hackers at the Internet of Things Research Lab at SRI International in Menlo Park work toward breaking into IoT devices as a means of securing them. One recommendation is to avoid devices that are Wifi enabled.

May 1. Cloudfare decides to market toward IoT device manufacturers and releases their Orbit solution. The new system provides connectivity to Cloudfare’s firewall, which is located in the cloud.

May 1. Security experts delve deeper into BrickerBot, and they discover that it utilizes many of the same exploits utilized by Mirai.

April

Apr. 29. According to a study done by Juniper, 46 billion IoT devices will be connected to the Internet by 2021, at which time the world will have moved on to the more stable IoT 2.0.

Apr. 26. According to a recent study published by Symantec, attackers exploit vulnerabilities in Microsoft’s Powershell, and they take advantage of the proliferation of macros within Microsoft Office.

Apr. 25. In an effort to combat the DDoS malware known as Mirai, cyber vigilantes have developed and deployed malware that simply renders IoT devices useless.

Apr. 25. In yet another report on the new malware named Hajime, Kaspersky reports that over 300,000 IoT devices are a part of the new botnet. Devices such as DVRs and webcams are some of the most commonly infected devices.

Apr. 24. This author indexes 8 IoT related DDoS attacks, and talks about how these attacks changed the paradigm as it pertains to securing IoT connected devices.

Apr. 24. HackerOne CEO states that the Internet of Things will result in increased demand for White Hat hackers. They have received approximately $15 million from companies since 2012.

Apr. 20. The new worm known as Hajime is shrouded in mystery, as security experts wrestle with whether or not to trust the intent of the new software.

Apr. 20. This security expert discusses a ‘kill chain’ as it pertains to IoT attacks. He recommends a layered approach to defending against such attacks.

Apr. 14. Security company, Beaming, reports that the UK undergoes close to 500 cyber attacks a day. Approximately 92% of attacks are against IoT devices.

Apr. 12. One professional discusses 4 ways to secure IoT devices. Among the recommendations is to ensure default passwords are changed.

Apr. 12. This expert provides a breakdown of the not insignificant paradigm shift taking place as it pertains to IoT devices.

Apr. 12. Because WordPress wasn’t vulnerable enough already, ISPs decided to increase their vulnerability footprint by issuing routers that are vulnerable to IoT attack.

Apr. 10. The IoT malware known as Mirai can apparently mine Bitcoin. The mining component was found in the Linux version of the malware.

Apr. 7. Radware comes across BrickerBot 1.0 and BrickerBot 2.0. This new malware targets IoT devices by running commonly used Linux commands.

Apr. 6. Researchers are finding an increasing number of Bricker Bot attacks in the wild. These attempts target IoT devices and attempt to permanently disable them.

Apr. 6. A new study takes an inside look at the weaponization of the Internet of Things, along with the intricacies of Mirai.

Apr. 5. Australian security expert contends that Australia’s traditional method of countering cyber attacks by geo-blocking malicious traffic may no longer be relevant with the proliferation of IoT devices.

Apr. 3. NASA warns of an Internet of Dangerous Things. Security experts within the agency claim that much of the technology relied upon today by most end users is built upon 60 years of bad software development.

Stay tuned for the Q3 2017 IoT Crime Diary.

– Brad Casey is a freelancer writing about any and all things IT and cybersecurity related.

Q1 2017

FIRST EDITION

A future where everyThing is hackable?

All Internet of Things (IoT) devices are at risk of theft, damage or destruction

– Brad Casey

Menlo Park, Calif. – Apr. 6, 2017

Cyber threats have evolved from targeting and harming computers, networks, and smartphones — to people, cars, railways, planes, power grids and anything with a heartbeat or an electronic pulse.

What Things are being hacked today? PCs, laptops, tablets, smartphones, medical devices, kitchen appliances, thermostats, TVs, wristwatches, pet collars, webcams, thermostats, you name it.

The first edition of our IoT Crime Diary sheds light on a potential future apocalypse of Things, and the innovations that can prevent that from happening.

March

Mar. 30. IoT industry power brokers speculate on what the digital world will look like by 2019. Most agree that a hyperconnected world will lead to numerous disruptions in Internet connectivity,

Mar. 29. Approximately 90 percent of IoT devices are vulnerable to remote hacking. Latest attack utilizes rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals to acquire root access to smart TVs.

Mar. 28. According to Nokia, 2016 saw a spike of 400 percent in the infection rate of smartphones and IoT devices. October seemed to be the favorite month for IoT hackers.

Mar. 27. Farmers are are getting into the IoT game as they battle American manufacturer John Deere over the right to use unlicensed software to fix their tractors.

Mar. 24. In a partial effort to combat IoT security issues, the University of Florida plans to open an IoT Institute for Engineers, thanks to a $5 million gift from the Warren B. Nelms Institute for the Connected World.

Mar. 15. University of Michigan researchers hack an IoT device using sound waves. Exploit vulnerabilities are found in hardware.

Mar. 15. Researchers utilize 20 accelerator models from 5 different manufacturers to affect data in 75 percent of tested devices. Test involved using soundwaves against Fitbits and other IoT devices.

Mar. 14. Due to a vulnerability of a Web server in some Dahua devices, security experts are able to hack into devices, and gain full administrative access. Dahua is the second largest IoT device manufacturer.

Mar. 14. Federal Trade Commission is not seeking to impose regulations specific to the IoT industry at this time. Others claim this is a mistake due to a lack of standards.

Mar. 10. Will hacking of IoT devices lead to an Apocalypse of All Things? One day, everything may be hackable.

Mar. 10. Companies can better insulate themselves from liability by taking a few extra steps to insulate themselves from IoT hacks.

Mar. 08. Mongoose OS is enabling more and more devices to join the IoT community. OS allows for utilization of the MQTT protocol for communication.

Mar. 07. IoT security is affecting the staffing landscape. A study finds that 90 percent of organizations lack confidence in their IoT security infrastructure.

Mar. 07. Smart home company, Nest, institutes two-factor authentication into its latest software as a means of combatting IoT hacks.

Mar. 06. Commentator opines that ransomware combined with an IoT hack could have devastating effects on enterprise networks. One scenario involves hacking an HVAC system and turning it off until a ransom is paid.

Mar. 06. As it turns out, good security for IoT devices costs money. Go figure. Author speaks to experts within the security industry to get a sense of just how much money is placed into various products.

Mar. 04. Due to the proliferation of IoT devices, some companies are developing servers that sit on the edge of enterprise networks, and process incoming data before sending the data to core servers.

Mar. 03. Enjoy IoT devices as they can add value to your life, but also take 10 easy steps to improve your security posture.

Mar. 03. House Democrats introduce a bill that will grant additional regulatory powers to the FCC to combat cyberattacks. FCC chairman is skeptical of the bill.

Mar. 02. A hidden backdoor is found in various Chinese IoT devices manufactured by DblTek –allowing users to gain Telnet access to affected devices.

Mar. 02. Nokia and Airtel team up to research 5G connectivity for IoT devices. This could result in billions more IoT connected devices.

Mar. 01. Not to be outdone, robots have been deemed by some to be just as vulnerable as IoT devices. A report by IOActive reveals that robots suffer from many of the same maladies that affect IoT devices, such as authentication issues, weak cryptography, etc.

February

Feb. 28. Internet of Things is the backdoor to hacking your home. Website Shodan enables attackers to search the entire Internet for vulnerable IoT devices.

Feb. 28. Weird stuffed animal hack leaves many parents disturbed as their recorded messages are accessed from MongoDB. Then messages are then locked and held for ransom.

Feb. 21. Going against the grain, Kaspersky decides against utilizing the Linux kernel for its new KasperskyOS. The new OS designed explicitly for IoT security.

Feb. 20. Researcher details 9 new IoT hacks that will rapidly proliferate in the near future. Apparently, not even heart monitors are safe.

Feb. 19. AT&T forms Cyber Security Alliance with IBM, Nokia, Palo Alto, Symantec, and Trustonic as AT&T researchers report a 3,000+ percent increase in attackers scanning for IoT vulnerabilities over the past 3 years.

Feb. 17. 3D printers considered another hackable IoT device. Cheaper, sub-standard on-board computing may be the culprit.

Feb. 14. Verizon finds that an unidentified university victim of a DDoS attack is due to the hack of campus vending machines. The attacker directed victimized machines to random seafood websites.

Feb. 14. Many IoT devices running the Linux kernel may be vulnerable to Linux/DDoS-BI. This version of malware crawls the Internet and attempts to brute force devices via SSH utilizing default credentials.

Feb. 12. Researchers find that most smart devices used in the enterprise are vulnerable to attack. Default passwords and weak initial designs are becoming an epidemic.

Feb. 06. While vulnerability testing of software and network configurations has spiked over the past decade, hardware vulnerability has fallen by the wayside.

Feb. 03. Utilizing Tesco Bank’s mobile app, thieves hack into the Tesco Bank system and come away with £2.5 million. The bank was told about the vulnerable app prior to the attack.

Feb. 03. Researchers at RSA Conference 2017 plan an in-depth discussion regarding IoT security and Mirai malware.

Feb. 03. Rapid7 announces that their Metasploit toolkit has been updated to test IoT devices. The framework can now link directly to hardware.

Feb. 03. Researcher figures out how to hack a coffee maker via the Smarter Coffee app. He figures out how to access the coffee maker via command prompt, thereby rendering the actual app obsolete.

January

Jan. 24. Healthcare execs aware of the various vulnerabilities in IoT devices, but fail to take action. Apparently, insulin pumps aren’t considered critical infrastructure.

Jan. 20. Ponemon Institute finds that 80 percent of IoT devices not tested for security flaws. Study involved a survey of 593 IT and IT security practitioners.

Jan. 19. Need for properly configured firewall is apparent from Samsung SmartCam hack. The hack was discovered in 2014, but not patched until 2016.

Jan. 11. Car hacking could be an epidemic by 2021 as Ford plans to launch its own line of fully autonomous cars.

Jan. 6. Symantec dips its toe in the hardware market by developing Norton Core. The device helps secure IoT devices.

Jan. 6. In an effort to improve efficiency, lack of security in IoT devices may begin with the manufacturer.

Jan. 5. Federal Trade Commission agrees to sponsor a patching tool for IoT devices. The best tool will win $25,000.

Jan. 4. Smart meters are deemed fatal due to numerous security vulnerabilities. The devices could be exploited to start fires.

Jan. 3. IoT devices will help law enforcement solve crimes. Apparently, digital forensic investigation of doorbells could allow investigators to discover who rang the doorbell.

Stay tuned for the Q2 2017 IoT Crime Diary.

– Brad Casey is a freelancer writing about any and all things IT and cybersecurity related.

Print page