Report Library | 株式会社アイ・ティ・アール

【E-418101_6963026736】Can Today’s IT Security Solutions Handle Today’s IoT Security Threats? (The Current State of IoT Security Threats and the Countermeasures to Take)

Author: 株式会社アイ・ティ・アール | Sep 8, 2023 10:30:37 AM

As the Internet of Things becomes more widespread across the globe, no challenge is greater than overcoming security threats. IT departments are being overwhelmed by the number of devices that must be managed and the amount and types of data that must be protected, and it is becoming clear that traditional approaches to IT security will not be sufficient to cope with both. In fact, there have already been some very sophisticated security intrusions using IoT, which should concern any company currently deploying an IoT system.
As a case in point, a casino in the US recently lost its VIP customer data when hackers found an unexpected point of entry into its network. The hackers scanned devices in the casino and gained entry to the casino’s IT network via an unsecured thermostat used in the lobby’s aquarium. This thermostat was connected to the Internet over Wi-Fi, and the hackers used it as an entry point to reach the casino’s database of high-spending gamblers and then moved this data back out through the thermostat and off the premises.

Cyber Attacks Are Often Due to Weak IT Policies and Can Sometimes Be Easily Avoided

The biggest IoT cyber attack so far was the Mirai botnet attack of 2016, which operated on a premise very similar to that of the attack on the casino. Hackers scanned networks for IoT devices that were using default or common passwords, then gained entry to these devices and installed bots on them (a list of these 60 passwords can be seen below). Amazingly, at the botnet’s peak, hackers were able to commandeer 400,000 IoT devices, including routers, security cameras and DVRs. These bot-controlled machines then launched DDoS attacks against websites such as Twitter, Reddit and Netflix, causing Internet outages in the United States so severe that the perpetrators were originally believed to be a foreign government, although it turned out to be the work of a group of local teenagers who interacted through the game Minecraft.
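The scanning pattern described above leaves a recognizable trace in device login logs: one source failing logins across many devices in a short time. The following detection sketch is an added example, not part of the original report; the log format, device names, addresses and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login log (hypothetical format): time, source IP, device, user, result
SAMPLE_LOG = """\
2023-09-08T10:00:01 203.0.113.7 cam-01 root FAIL
2023-09-08T10:00:03 203.0.113.7 cam-01 admin FAIL
2023-09-08T10:00:05 203.0.113.7 dvr-02 root FAIL
2023-09-08T10:00:08 203.0.113.7 dvr-02 admin OK
2023-09-08T10:00:11 203.0.113.7 router-03 support FAIL
2023-09-08T10:00:14 203.0.113.7 router-03 admin FAIL
2023-09-08T09:58:00 10.0.0.5 cam-01 operator FAIL
2023-09-08T10:20:00 10.0.0.5 cam-01 operator OK
"""

def parse(text):
    """Yield (time, source, device, user, ok) tuples from well-formed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        ts, src, dev, user, result = parts
        yield datetime.fromisoformat(ts), src, dev, user, result == "OK"

def find_sweeps(text, window=timedelta(minutes=5), min_devices=3, min_failures=4):
    """Map each sweeping source to the devices it managed to log in to."""
    recent = defaultdict(deque)    # source -> failed attempts still inside the window
    successes = defaultdict(set)   # source -> devices with a successful login
    flagged = set()                # sources whose failures span many devices
    for ts, src, dev, user, ok in sorted(parse(text)):
        q = recent[src]
        while q and ts - q[0][0] > window:
            q.popleft()            # drop failures older than the window
        if ok:
            successes[src].add(dev)
            continue
        q.append((ts, dev))
        if len(q) >= min_failures and len({d for _, d in q}) >= min_devices:
            flagged.add(src)
    return {src: sorted(successes[src]) for src in sorted(flagged)}
```

Devices listed for a flagged source are the ones to isolate and re-credential first, since a login succeeded there during the sweep.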