5 IoT Security Fails Of Smart Devices And Lessons Learned

Hackers are already eyeing unprotected IoT devices every user has in their homes. These small components are a default technology that manufacturers put in all sorts of devices — from baby monitors, printers, and pacemakers to smart TVs.

With billions of Internet of Things devices that are globally connected and sharing what is often sensitive user data, we need to talk about IoT Security.

From harmless pranks to life-endangering hacking, vulnerable IoT devices can cause quite a stir. What can we learn from IoT hacking incidents that happened in recent years? Why is putting the best security practices for IoT devices into place so challenging?

Hacking of Amazon’s Ring Cameras

In 2020, several of Amazon’s Ring security systems, which feature a camera and two-way communication, were hacked. A home security camera allowed strangers to communicate with children. Some people even received death and sexual threats, while others were blackmailed.

This security incident might ring a bell if you’ve seen the reports of the class action against Amazon in the news.

What happened, exactly?

Hackers broke into the Ring account linked to the camera, exploiting Amazon’s lax security practices. As a response, Amazon urged customers to change their passwords to stronger ones and enable two-factor authentication.

The security lesson that was learned in this IoT hacking case?

Users have an inherent trust in the technology they purchase — they believe that it’s safe and that it’s not their job to secure it. Pinning the cyber incident on them and failing to improve the security measures is a poor way of handling a security problem.

Roomba Recording Woman On the Toilet

In 2020, workers from Venezuela posted a series of images shot by a robot vacuum, Roomba — raising major data privacy concerns. One of the images captured a woman sitting on a toilet.

This was possible because the data uploaded to the cloud via the IoT device was not adequately secured.

Roomba confirmed that the images were, in fact, shared by the robot vacuum. Also, it claims that the images stem from the training of the robot in the development stages and that this version is not the one available on the user’s home devices.

What can we learn about cyber protection from this case?

Security needs to be layered.

If one point is not properly protected, this opens up users to cyber threats. This case is a reminder that protecting only IoT devices doesn’t cut it. The other points, such as the cloud to which it links, have to be guarded as well.

Worst DDoS Attacks Caused by IoT Botnet

In 2016, the Mirai botnet took down parts of the internet and affected companies such as Reddit and Netflix.

A botnet is a group of hijacked devices. For instance, a bad actor gets control over several computers, which then allows them to initiate a Distributed Denial of Service (DDoS) attack that overwhelms and takes down the entire network.

In the Mirai case, the botnet consisted of IoT “zombie” devices. The hacker who controlled the botnet used it to start the largest DDoS attack to this day.

This incident was possible because of the poor default passwords that weren’t changed by users on IoT components.

What can we take away from this IoT hacking?

Weak “12345” passwords are still a major issue and key weakness for IoT devices. In the manufacturing process, they’re set as a default, and once they reach the user’s homes, they remain the same — unless the user changes them.

Hacked TRENDnet’s Cameras Reveal Login Information

In 2012, threat actors shared the live feeds of over 700 TRENDnet cameras. What’s more, the company revealed that they were sharing users’ login data over the internet in the form of plain text, without encryption.

Some of the applications for their cameras include general at-home security and baby monitors — which means that malicious actors can use the access to attain the private information of users.

The issue occurred when the hacker found a major flaw in TRENDnet’s home security cameras — anyone who had the IP address of the device could gain access.

What do we now know following TRENDnet’s web camera hacking?

This is another example of how users aren’t aware of their role in making IoT devices secure — which opens up the question of who should be entirely responsible for cybersecurity incidents in the IoT space.

Printing Work Messages On McDonald’s Receipts

In 2021, cybercriminals used their hacking abilities to print messages about workers’ rights on McDonald’s receipts. Some of them would include notes such as “Are you being underpaid” and “You have the legal right to discuss your pay with your coworkers”.

The purpose of the hack was to put pressure on employees and encourage them to discuss salaries with each other.

This was possible because TCP port 9100 was left open, which allowed hackers to connect to receipt printers via the internet and send the pre-written pro-labor messages.

What can we learn from this IoT hack?

Besides “pay your workers more”, this case is a reminder of how poorly protected IoT devices, such as printers, are. Companies use them every day, yet people rarely think of them as a security threat.
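To find this kind of exposure on your own network before someone else does, the following added example (not part of the original article) parses nmap's grepable output from a scan of address ranges you own and lists printers with TCP 9100 open, internet-facing ones first. The scan output, host names, and address ranges are constructed for illustration.

```python
import ipaddress
import re

RAW_PRINT_PORT = "9100"  # raw print port named in the article

# Constructed sample of `nmap -oG` output from scanning your own ranges.
SAMPLE_GNMAP = """\
# Nmap scan (constructed sample)
Host: 203.0.113.20 (pos-printer-1.example)\tPorts: 9100/open/tcp//jetdirect///, 80/open/tcp//http///
Host: 203.0.113.21 (pos-printer-2.example)\tPorts: 9100/filtered/tcp//jetdirect///
Host: 10.0.5.14 (office-printer.example)\tPorts: 9100/open/tcp//jetdirect///, 515/closed/tcp//printer///
Host: 10.0.5.30 (camera.example)\tPorts: 443/open/tcp//https///
"""

HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Ports:\s+(.*)$")


def audit_raw_print(gnmap_text, wan_ranges):
    """Return hosts with TCP 9100 open; internet-facing findings come first."""
    wan = [ipaddress.ip_network(r) for r in wan_ranges]
    findings = []
    for line in gnmap_text.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue  # comments, "Status:" lines, blank lines
        ip, name, ports = m.groups()
        ports = ports.split("\t")[0]  # drop a trailing "Ignored State" field
        for entry in ports.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 3:
                continue
            port, state, proto = fields[:3]
            # "filtered" means a firewall is in the way; only "open" is reachable.
            if port == RAW_PRINT_PORT and proto == "tcp" and state == "open":
                addr = ipaddress.ip_address(ip)
                exposure = "internet" if any(addr in n for n in wan) else "internal"
                findings.append({"ip": ip, "name": name, "exposure": exposure})
    findings.sort(key=lambda f: f["exposure"] != "internet")
    return findings


if __name__ == "__main__":
    # 203.0.113.0/24 stands in for the organisation's public range (assumption).
    for f in audit_raw_print(SAMPLE_GNMAP, ["203.0.113.0/24"]):
        print(f"{f['exposure']:8} {f['ip']:15} {f['name']}")
```

Anything reported as "internet" should have port 9100 blocked at the perimeter firewall or raw printing disabled on the device; "internal" findings are candidates for network segmentation.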

IoT Security Is a Challenge We Have Yet to Overcome

Some of these cases took place over seven years ago but depict the issues that we’re still dealing with today when it comes to the protection of IoT devices.

The thing is — the number of these components is rapidly growing all over the world.

Poor IoT security leads to all sorts of hacking incidents — especially the kind that opens the door to a smart home or takes control of security cameras.

In some industries, the fast-paced integration of IoT can endanger lives — when healthcare devices such as pacemakers get hacked, or a driver loses control of their self-driving smart car.
