X

17 ways the Internet of Things can go horribly wrong

If the Internet is built into everything you own, none of it will be truly safe from hackers.
By Fox Van Allen, Contributing Writer
techrepublic-iot-security-holes-tracking-point-rifle.jpg
1 of 17 TrackingPoint

Hackers can take over your gun

Rapid growth in the "Internet of Things" space means two things. First, it means that everything we own will soon be Internet-connected. Second, it means that hackers will soon have access to everything we own, by virtue of it all being Internet-connected.

Hackers Runa Sandvik and Michael Auger, for example, have discovered that the TrackingPoint TP750, a $13,000 Wi-Fi-enabled rifle with a built-in aiming computer, can be hacked with disastrous consequences.

In one scenario, a rifle user aimed the gun at the bullseye of a target. But when the hacked weapon was fired, the bullet instead hit the bullseye of a different target 2.5 feet away. The researchers were also able to disable the gun completely.

The financially troubled TrackingPoint acknowledged the vulnerability, but argues: "We question why a hacker with a laptop would follow around a red-blooded American carrying one of our guns."

techrepublic-iot-security-holes-pacemaker.jpg
2 of 17 ER Productions/CORBIS

Hackers can give you a deadly OD

Medical device makers are embracing wireless communications functionality in their products -- meaning that hackers now have an electronic pathway directly into our bodies. And indeed, security researchers have already found potentially fatal vulnerabilities in these devices.

Security expert Billy Rios, for example, discovered that drug pumps manufactured by Hospira contain security flaws that hackers could exploit to give patients a deadly overdose.

Hospira notes that there have been no reported incidents of such hackings, and that hospital firewalls are the first line of defense to its devices. The company is working with its customers to address the vulnerabilities.

techrepublic-iot-security-holes-dick-cheney.jpg
3 of 17 Stuart Sipkin/Demotix/Corbis

Hackers can stop your heart

Concerns over hacking were great enough that doctors disabled the wireless features on Vice President Dick Cheney's heart pump to protect him from terrorists.

"It seemed to me to be a bad idea for the vice president to have a device that maybe somebody on a rope line or in the next hotel room or downstairs might be able to get into -- hack into," the veep's cardiologist told 60 Minutes.

techrepublic-iot-security-holes-baby-monitor.jpg
4 of 17 Jinxy Productions/Blend Images/Corbis

Hackers can curse out your baby

Your newborn baby looks so peaceful sleeping in her crib. Hackers know this too, since half (!) of the home baby monitors tested late last year by security firm Rapid7 were revealed to have significant security vulnerabilities that allow remote access by total strangers.

In one known incident, parents in Houston, Texas discovered that a hacker from Europe had accessed their Foscam Baby Monitor, and was using its two-way communications feature to shout insults at their 2-year-old daughter.

techrepublic-iot-security-holes-airplane.jpg
5 of 17 Westend61/Corbis

Hackers can crash your plane

If you think car hacks are bad, we have something far worse: Hackers may be able to gain access to airplane controls, thanks to Internet connectivity features.

In April 2015, the U.S. Government Accountability Office (GAO) warned that the Boeing 787 Dreamliner, Airbus A350, and Airbus A380 are at all risk of hacking, because their cockpits use the same Wi-Fi network being used by passengers.

A month later, the FBI alleged that a security researcher used a Cat6 ethernet cable to gain control over a United Airlines flight while a passenger.

techrepublic-iot-security-holes-jeep-cherokee.jpg
6 of 17 Jeep

Hackers can run you off the road

It may sound like a far-fetched Hollywood plot device, but we assure you, this is real life: Hackers really can gain remote control of your car, thanks to poor IoT security.

White hat researchers Charlie Miller and Chris Valasek announced last year that they could disable the transmission of a Jeep Cherokee via its Internet-connected in-dash entertainment system. They then demonstrated the hack for a Wired reporter by disabling his vehicle (with his permission) as he drove it down a highway Interstate.

Car maker Chrysler has since provided a patch to the 471,000 vulnerable vehicles on the road.

techrepublic-iot-security-holes-google-car.jpg
7 of 17 Google

Hackers will turn cars into lethal weapons

Fully autonomous cars are still (for the most part) in the research-and-development state. But that hasn't stopped some white hats from figuring out a way to break the technology.

Security researcher Jonathan Petit, for example, was able to scramble the light detection and ranging (LIDAR) system on Google's self-driving car with little more than a $60 laser pointer setup.

Both the FBI and Europe's Interpol are taking the public safety threat seriously, preparing for the possibility of autonmous cars being used as lethal weapons.

techrepublic-iot-security-holes-hello-barbie.jpg
8 of 17 CNET

Hackers can find your kids through their toys

Bad news for Barbie: Security firm Bluebox was able to hack the Wi-Fi enabled Hello Barbie doll to access the conversations children have had with it. Making matters even worse, security researcher Matt Jakubowski discovered a different vulnerability in the interactive toy that could give hackers the ability to track down the address of her owner.

Mattel and ToyTalk, the company behind the doll's software, have worked to patch these flaws. ToyTalk has also set up a bug bounty program to better secure the doll moving forward.

That's great news, of course. Still, we continue to question the wisdom of toys that upload the private conversations of children to a corporate cloud.

techrepublic-iot-security-holes-vtech-smartwatch.jpg
9 of 17 VTech

Hackers can target your toddlers

Toy maker VTech admitted late last year that hackers were able to exploit wide-open security holes in its company computer systems, stealing non-personally-identifiable data from 200,000 children who use its Kidizoom smartwatches (shown), InnoTab tablets, and related connectivity apps.

Shortly after, it was revealed that hackers had also made off with "hundreds of gigabytes worth of profile photos, audio files, and chat logs-many of which belong to children."

It's unclear exactly why VTech was storing the data itself in the first place.

techrepublic-iot-security-holes-samsung-smart-tv.jpg
10 of 17 Gene Blevins/LA DailyNews/Corbis

Hackers can spy on you through your TV

Comic Yakov Smirnoff used to joke that in Soviet Russia, the television watches you. As it turns out, the same goes for televisions in the United States too.

Samsung got into hot water with the public after it was revealed that the mics built in to its smart TVs were continuously recording and transmitting data to the company. Samsung's privacy policy warns that personal and other sensitive information may be picked up by the mic and transferred to third parties.

Concerns over what Samsung would do with that data were somewhat overblown. The real worry here is what would happen if hackers illegally gained access to these features to spy on your family.

You can learn how to disable Samsung's spying feature at CNET.

techrepublic-iot-security-holes-insteon-home-automation.jpg
11 of 17 David Bro/ZUMA Press/Corbis

Hackers can take over your whole home

Your smart home's security is only as good as its weakest link, as owners of the Insteon HUB home automation controller have learned.

In 2013, Forbes reporter Kashmir Hill revealed that some owners of Insteon-run smart homes had made websites to remotely access their home automation systems. Because these systems did not require a username and password, hackers could remotely access their homes too, following a quick Google search.

techrepublic-iot-security-holes-ring-smart-doorbell.jpg
12 of 17 Ring

Hackers can get in your home through your doorbell

Ring is a $199 Wi-Fi-enabled smart doorbell -- a high-tech way to see who's knocking at your door simply by looking at your phone. Unfortunately, a recent analysis of the device by network security firm Pen Test Partners reveals that hackers could easily exploit a design flaw in Ring to steal your home Wi-Fi key, which was being stored by the device in an unencrypted form.

Ring has since patched the vulnerability via firmware update.

techrepublic-iot-security-holes-smart-fridge.jpg
13 of 17 Jason Ogulnik/dpa/Corbis

Hackers can turn your fridge into a spambot

Beware: Your smart fridge may soon turn against you.

During the Def Con 23 conference in Las Vegas, a group of IoT hackers discovered, through penetration testing, that the Samsung RF28HMELBSR smart refrigerator has security holes that could turn the appliance into a man-in-the-middle attacker.

A separate group of researchers, meanwhile, discovered that hackers had recruited at least one smart fridge into a global spam botnet.

techrepublic-iot-security-holes-nest-thermostat.jpg
14 of 17 Karsten Lemm/dpa/Corbis

Hackers can rob your home blind

Even the popular Nest smart thermostat can be used by hackers to gain access to your home networks, a trio of security researchers revealed at the Black Hat USA 2014 conference.

According to Yier Jin, Grant Hernandez and Daniel Buentello, a hacker can load malware onto a Nest thermostat in just seconds via its USB port. From there, a criminal could mount an attack on your home network -- or simply use data from the Nest to learn when you're home and when you're not.

Jin told Forbes in 2015 that a fix is impossible due to the way the hardware is built. Thankfully, this particular exploit requires a USB connection, so the hacker -- or an accomplice -- would first need physical access to your home before he or she could gain unfettered digital access.

techrepublic-iot-security-holes-webcam.jpg
15 of 17 Ken Seet/Corbis

Hackers can watch you strip naked

Cameras are ubiquitious these days -- they're on our phones, tablets, computers and more. Unfortunately, these Internet-connected cameras can double as a hacker's spycam when afflicted with the right malware.

Because many of these cameras come with default passwords, they're exceedingly easy to compromise. In fact, one criminal created a website featuring 11,000 live camera feeds, stolen from homes across the United States.

And it's not just hackers who are using webcams to spy on people. A civil suit was filed against a school district in Pennsylvania after administrators used cameras on school-issued laptops to spy on kids and their families inside their homes without their knowledge. (The school paid $610,000 to settle the case.)

Don't be a victim: Always change the default passwords of your IoT devices. You might also want to cover up your webcam when it's not in use.

techrepublic-iot-security-holes-drone.jpg
16 of 17 BUCK Studio/Corbis

Hackers can fly the unfriendly skies

A new type of malware called "Maldrone" can give a hacker full control over unmanned Parrot AR aircraft and any on-board camera equipment it may have.

This means a hacker could use your own drone to spy on you.

techrepublic-iot-security-holes-military-drone.jpg
17 of 17 Ted Horowitz/Corbis

Hackers could wage war on us all

Or worse yet, a foreign government could install malware on U.S. military drones that carry deadly payloads. It could happen -- the U.S. Air Force struggled to keep malware off drones flying unmanned missions in Afghanistan.

Related Galleries

Holiday wallpaper for your phone: Christmas, Hanukkah, New Year's, and winter scenes
Holiday lights in Central Park background

Related Galleries

Holiday wallpaper for your phone: Christmas, Hanukkah, New Year's, and winter scenes

21 Photos
Winter backgrounds for your next virtual meeting
Wooden lodge in pine forest with heavy snow reflection on Lake O'hara at Yoho national park

Related Galleries

Winter backgrounds for your next virtual meeting

21 Photos
Holiday backgrounds for Zoom: Christmas cheer, New Year's Eve, Hanukkah and winter scenes
3D Rendering Christmas interior

Related Galleries

Holiday backgrounds for Zoom: Christmas cheer, New Year's Eve, Hanukkah and winter scenes

21 Photos
Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza
img-8825

Related Galleries

Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza

26 Photos
A weekend with Google's Chrome OS Flex
img-9792-2

Related Galleries

A weekend with Google's Chrome OS Flex

22 Photos
Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup
shutterstock-1024665187.jpg

Related Galleries

Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup

8 Photos
Inside a fake $20 '16TB external M.2 SSD'
Full of promises!

Related Galleries

Inside a fake $20 '16TB external M.2 SSD'

8 Photos