IoT Security News — Detection Improves,But Gaps Remain

While IoT security hacks and ransomware attacks have been on the rise, the ability to detect attacks and take remedial action has improved. As evidenced by the IoT-security news items below, IT security staff can spot some types of attacks during or immediately after they occur – but in some cases, even the most stringent precautions are no match for determined hackers.

Toy Hack via IoT Is No Child’s Play

Remember that one toy you were scared of as a kid? Here’s one that scared some adults recently.

The German federal agency that oversees telecommunications told parents last month to destroy a talking doll named Cayla. Researchers found that hackers could talk to a child playing with the doll through an unsecure Bluetooth device embedded in the toy. A student at a German university said he had hacked the doll through several walls.

Children revealing personal information to cybercriminals through Cayla are not the only problem. Cayla can also access the internet to look up the answer to a child’s question, opening an avenue for an assailant to plant malware in the doll.

As of this writing, Cayla’s manufacturer has not commented on the agency’s warning.

Surveillance Cameras Hacked Days Before Presidential Inauguration

Eight days before President Donald Trump’s inauguration, hundreds of police surveillance cameras in Washington, D.C. went dark. As many as 123 of 187 network video recorders connected to the cameras had been hacked with ransomware.

Each recorder stored video from up to four cameras. None of the cameras had been able to record street activity between January 12 and January 15. Public safety was not affected, a Secret Service official said. The city did not pay the ransom, but simply took the cameras offline and rebooted each system.

In early February, we learned that a man and a woman were arrested in connection with the crime.

University’s IoT Devices Used Against Its Network

An unnamed university’s network was recently attacked by a botnet that used vending machines, streetlights and 5,000 other IoT devices within the university campus to slow the system to a crawl. Verizon reported the incident in its 2017 Data Breach Digest report’s sneak peak, but did not name the university, its location or the timeframe.

The botnet had made hundreds of DNS (Domain Name Service) requests every 15 minutes, overloading the network servers. It had propagated itself, one IoT device at a time, by breaking default and weak passwords by brute force. After taking over each device, the malware was able to not only receive updates from a command infrastructure, but also change the original password.

Fortunately, the university’s security team intercepted clear-text malware passwords for infected devices, and eliminated the infection in short order.

_____________________________________________________________________________________________________

To prevent these and other types of attacks from occurring, IoT devices must be secured with strong authentication and data protection solutions. And devices such as surveillance cameras that might be in the field for many years to come need quantum-resistant security solutions to ensure they will be immune to attack when quantum computers become available and render currently-used methods obsolete. Contact us today to see how SecureRF’s quantum-resistant authentication and data protection solutions can secure your IoT devices.