Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Hacking the Internet of Things For this discussion, your assignment is to find a

ID: 3917946 • Letter: H

Question

Hacking the Internet of Things

For this discussion, your assignment is to find an article online about vulnerabilities or exploits against some sort of device other than a typical computer, gaming console, phone or tablet. Most of what you will find will be attacks described by security researchers rather than attacks by real attackers. That is okay, the purpose of this is just to get a feel for all of the different types of devices that now contain computers (and in most cases, are networked), and how it's relatively easy to find vulnerabilities in these devices.

Some ideas of the types of devices you might find:

Typical household devices – thermostats, refrigerators, smart TVs, toilets (yes, even toilets)
In businesses, many things that can call out for service or for resupply are now network connected, everything from printers to vending machines to fuel tanks at gas stations. Many formerly "dumb" devices are not network connected such as security doors, heating, and air conditioning units (HVAC), electrical power generators, and other systems.
Many medical devices are now network connected (e.g., pacemakers)
Network infrastructure elements such as bridges, routers, various types of middleboxes (e.g., Network Address Translators (NATs), proxies and firewalls), and network services (e.g., DNS servers).
Transportation – cars, planes, etc. should provide some stories
Initial Post Guidelines:

After finding an article on the security vulnerability of an IoT device; write about the device itself, who manufacturers them, what the vulnerability is, and the effects of this vulnerability if not patched.

Explanation / Answer

About vulnerabilities or exploits against the IoT (Internet of Things) devices.

There have been many worst examples or incidents of IoT hacking and vulnerabilities in History. IoT hacking can and even have been extremely effective.

The IoT (Internet of Things) devices.

The IoT devices are- watches, glasses, refrigerators, smart TVs, medical equipment such as pacemakers and defibrillators, heartbeat monitors, air conditioners, IoT tractors on the agricultural fields, cars and trucks on the roads, CCTVs, robots, webcams, microphones, earphones, drones, cameras, machines, etc.

Who manufacturers the IoT (Internet of Things) devices?

Broadly speaking mostly private companies, Governments, IT, security, automobile, and manufacturing companies manufacture the IoT devices. Specifically, the companies include Apple (Watches), Google (glasses), Amazon (Alexa- AI speaker), LG (refrigerators), LG (smart TVs), BMW (cars), etc.

The security vulnerability of an IoT (Internet of Things) device.

Technically speaking, the security vulnerabilities of an IoT (Internet of Things) device are poor strength passwords, no password policy, no password rotation or change policy, inappropriate authorization or full authorization on a device, no Multi-Factor Authentication (MFA) set-up, no least privileged access set-up, no updates or patches applied, the devices affected with viruses and malware, the private address of a device been exposed, access based on MAC address filtering not been set-up, SSID or the network names been broadcast unnecessarily, connecting to the IoT devices to insecure Wi-Fi network at public places, poorly programmed software or firmware running on the devices, some legacy based software IoT devices, the vulnerable connectivity elements makes them exploitable, etc. Also, open-source and freely available software are also the most valid reasons for security vulnerabilities on IoT devices. Security vulnerabilities exist and occur at all the layers of a device, system, and network, i.e., at software, hardware, network, application, and firmware. One other reason are also because of irrelevant protocols and ports been opened and unnecessarily.

What the vulnerability of an IoT (Internet of Things) device is?

Devices that do not have their software, passwords, or firmware updated are vulnerable. Another cause could be not changing the default username and password for the installation of any device on the Internet. Sometimes passwords for IoT devices are not unique for each of the devices, especially when they are connected to the Internet. Patches to IoT devices are not done with the latest software and firmware are not updated to mitigate vulnerabilities. The vulnerability can be in the transmitter of a medical IoT device that reads the device’s data and remotely shares it with physicians. However, the hackers can control a device by accessing its transmitter.

The DDoS attacks can be launched using an IoT botnet. This IoT botnet are made possible by a malware.

Most of the embedded firmware running on these IoT devices are insecure and highly vulnerable because of the bugs in the software and not been fixed, updated, upgraded or patched which can be exploited intentionally or unintentionally leaving an indeterminate number of critical systems and data around the world at risk. On the other hand, user login credentials in clear, readable text shared over the Internet, or saved on the servers or databases and any mobile apps storing customers' login information in clear, readable text on their mobile devices are also vulnerable to attacks. Unencrypted login credentials, unsecured IP addresses against hacking, not password-protected and no SSL connection usage for website or connection for data transmission for the IoT devices to communicate amongst themselves also account to security vulnerabilities.  

What the effects of this IoT (Internet of Things) device's vulnerability are if not patched?

If IoT (Internet of Things) device's vulnerability is not patched, the devices would be hacked or compromised, making way to DDoS (Distributed Denial of Service) attacks crippling our infrastructure, systems, and way of life. These thousands or millions of insecure or vulnerable IoT devices are hacked by hackers to comprise the systems, devices, network and thus the data, manipulate them in a wrong way producing bad effects in our lives. Attackers directly or indirectly exploit a device and use it as a gateway to the core layers of a network collecting sensitive and valuable private data. The more number of IoT devices we have or will have the more number of vulnerabilities or exploits the devices and we would go through thus causing attacks and eventually damages as consequences. It leads to leaving an indeterminate number of critical systems and data around the world at risk. The worst case scenario would be attackers can target a specific person or a group of people and kill them through the exploited IoT devices. Also, this can happen in mass or mass murdering or simple put, this can be a source of weapon to be used in cyber war (war on the Internet).

Attackers are always online and are constantly looking for bugs, vulnerabilities or exploits on IoT devices connected to the Internet. When found, attackers take advantage of these vulnerabilities, login, authenticate, authorize, access these devices, use them at their will to edit, modify, delete or manipulate the data to bring bad effects. Sometimes, these attacks account to ransomware encrypting the data on the devices or simply blocking the access for the user on the device for a ransomware where when paid access may or may not be granted.

The attackers can make the IoT devices malfunction. They can perform DDoS attacks on the devices leading to huge portions of the internet going down due to the heavy illegitimate load of eumerous requests on the devices. When infected with IoT botnets, for instance, computers continually search the Internet for vulnerable IoT devices such as digital cameras, DVR players, Cardiac devices, etc, use default usernames and passwords to login, infect them with malware.

Hackers can access a medical equipment IoT device connected to the Internet (network). Once logged into the devices or systems, they can deplete the battery or administer incorrect pacing or shocks. A faulty software in a webcam can let anyone who obtained the camera’s IP address look through it and sometimes even listen as well. IoT enabled cars can be hacked and can be made to speed up, slow down and even veer off the road.

Related Questions

Haas Company is a retail company that specializes in selling outdoor camping equ
Question #2487267
Haas Company is a retail company that specializes in selling outdoor camping equ
Question #2717589
Haas Company manufactures and sells one product. The following information perta
Question #2331232
Haas Company manufactures and sells one product. The following information perta
Question #2335549
Haas Company manufactures and sells one product. The following information perta
Question #2337465
Haas Company manufactures and sells one product. The following information perta
Question #2339843
Haas Company manufactures and sells one product. The following information perta
Question #2398288
Haas Company manufactures and sells one product. The following information perta
Question #2436222

Navigate

Previous
Hackers have a number of reasons for breaking through network security. Some do
Next
Hactivism A 20-year-old Missouri hacker confessed that he had broken into the co

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.