IoT Devices Are The Latest Hacking Targets For Cyber Attacks

by CXOtoday News Desk    Nov 04, 2016

IoT hacking

With IoT sector picking up, and studies estimating 34 billion devices by 2020, it is thus imperative that all industries be excited about it, owing to the change in which it changes everyone’s life. Not just the home automation, but healthcare, retail, and other industrial segments are connected to IoT use-cases, or hold promise of undergoing transformational changes in multiple ways.

But with such optimism, there are certain areas, which come across as gray, and also prove to be vulnerable to external cyber attacks, leaving an area to be filled by cyber security. One such practical example, is that of the Philips Hue smart light bulb, which was found with a fault, leaving it exposed for hacking, as per investigations from Weizmann Institute of Science near Tel Aviv, Dalhousie University in Halifax, Canada.

How it works out?

What makes the smart bulb case scary is, hackers may not need to really directly access each device, to spread the infection/virus. In fact the research exercise proved that such hacks can be done from as far as 229 feet, from the actual location of the device. In another case, hackers were able to deny access to a whole section of the internet, by artificially creating a flood of data which choked the servers of the New Hampshire based company Dyn, which is in-charge of some essential components of the internet.

From the investigations that have yet taken place for this case, the hackers were able to generate that kind of bandwidth strength by hacking into a group of IoT devices, i.e. a DDoS (distributed denial of service), but some say the method was entirely different from the report which is yet to come up. A Chinese manufacturer of cameras said that weaker passwords were also to blame for the same.

The reason

Out of the reasons which are being attributed to such vulnerabilities, is the Zigbee standard, which can be used to create a computer worm, which can then spread malicious software among internet connected devices. It was created in 1990’s but never really to the forefront like some of the other standards and protocols of the internet, which have undergone much closer scrutiny over the years. With computer worms which can replicate on devices very easily, were a menace during the late 80s and 90s, but patchwork helped keep them at bay, but with IoT ecosystem taking off, where virtually billions of devices are connected to the internet, and work on the Zigbee standard, they stand exposed to the attacks, similar in nature to the ones mentioned.

Also, as mentioned before, there are a large number of devices which work on a similar protocol and function, can be attacked due to their Zigbee standard functioning built. As a demonstration, an area of 40 sq.miles in Paris were covered, whereby all the smart lights and other IoT devices of the area were hacked, eventually spreading to as many as 15,000 devices in short time, and having them function abnormally. Philips had been notified of thsituation and they did issue a patch on October 4, but did not allow the issue to harped on as much.

In their statement from Beth Brenner, a spokesperson of Philips, it was reported to the NY Times, saying “We have assessed the security impact as low given that specialist hardware, unpublished software and close proximity to Philips Hue lights are required to perform a theoretical attack.”

 Though they did play down the incident, it poses a specific challenge to their entire world of IoT, which is meant to do great things for the future, changing industry and consumer lives in a way never witnessed before.