Avoiding a hack used to be as simple as installing an antivirus program on your desktop computer. Now, the Internet of Things — which is the network that connects all internet-enabled items to each other — has made it possible to hack items you may never even realize were hackable.
Today, it’s possible to hack more than just computers, credit cards, and cell phones. Hackers can infiltrate everything from trucks and equipment to building heating systems and even your office coffee pot.
With the help of RFID tags and sensors, even things like shipping containers and plain old boxes of inventory can join the IoT — and can also be vulnerable to hacks.
What’s the big deal if a hacker hacks your morning coffee? Unfortunately, with access to even one single point of entry, a hacker can “leapfrog” across connected devices and routers and eventually compromise your entire system — causing much more damage than just a burnt morning brew.
The best way to defend against an IoT attack is to educate yourself on your own devices and learn how hackers might be able to target them. Read through 15 of the wildest ways that hackers can pull off an unexpected attack or jump directly to the full infographic.
1. Car Keys
Hackers have been using what’s called a relay hack to clone the signal from a wireless car key to unlock and even start cars with keyless ignitions. But unlike most hacks, which get patched shortly after they’re discovered, the relay hack still works on a number of cars. The latest iteration of the hack works on cars whose keys are within a thousand feet of the vehicle, so you can protect against this particular attack by parking far from wherever you keep your keys.
In 2015 a security researcher invented a hacking device called OnStar which allowed him to hack any vehicle equipped with OnStar, a GPS-enabled emergency tool that allows drivers to call for help without using a phone. With the device, the hacker was able to not only locate and unlock but also remote start and drive the cars he hacked.
The vulnerability that the OnStar exploited to perform these hacks was later patched, but evolving technology means evolving hacks, and it’s usually only a matter of time before another hacker comes along and finds a new weak spot to exploit.
Not just car radios or digital displays — entire cars can be hacked and shut down remotely, as demonstrated by a 2015 experiment in which hackers successfully breached a Jeep Cherokee doing 70mph on the highway. The hackers were able to blast the air conditioning, switch the radio, turn on the windshield wipers, and ultimately cut the transmission, all from their location 10 miles away.
4. Aerial Drones
Most of the popular drone models can be hacked by a small device called Icarus, which allows an attacker to take over a drone and lockout the owner to prevent them from attempting to regain control. Once the hacker has control of the drone, they can steal it, crash it, or use it to damage other equipment on the site.
5. Construction Equipment
In 2018, two researchers wrote an attack code that they believed could hack a crane. They then set off on a road trip to 14 different worksites, testing the hack on not just cranes but also any heavy equipment that was present on the worksite. At the end of the experiment, the attack code had successfully infiltrated every piece of equipment they used it on at all 14 of the construction sites.
With their prewritten code, the researchers were able to send commands to the machines remotely, clone the control devices and operate equipment independent of the crew, remotely deploy the emergency stop at any time, and even install permanent vulnerability in the equipment’s existing code.
In the report that followed, the researchers noted that a truly malevolent hacker would be able to steal equipment, use it to cause damage to property or people, or even use their control of the equipment as leverage for extortion.
Wearable technology is growing popular on construction sites with things like connected hardhats, smart boots, and augmented reality eyewear. If hacked, these devices can give an attacker valuable data, like information on the crew’s comings and goings and access to protected files like blueprints and site worker credentials.
Any hacked worksite is a liability, but in places like airports, city skyscrapers, or government buildings, a hacker could sell information gained via wearables to domestic or foreign criminals, leaving the location vulnerable to physical attack.
7. Warehousing & Supply Inventory
Many worksites now use RFID tags on units of inventory in order to keep a record of what supplies are on-site, how much of each material is used and on which projects, and what items are running low and need to be ordered. Hackers can access these RFID tags and alter the data they contain, causing major problems to automated supply chains.
With this access, someone can make it look like there are 1,000 units of material when there are actually 0 or, conversely, make it look like a supply order is needed when there is actually plenty of an item left. By tampering with these counts a hacker can cause delays, mistakes, expensive unnecessary orders, and other costly problems.
8. Building Cameras
Hackers with camera access are far more dangerous than the average Peeping Tom. With control over security and surveillance cameras, hackers can literally look over people’s shoulders at computer screens in order to learn passwords, access sensitive information, view credentials, and even swap in fake footage to cover up a crime.
9. Office Printers
Though printers used to be hard-wired to the source sending them documents, today the majority of printers are internet-connected and allow printing tasks to be sent from any device as long as it’s on the same network.
Unfortunately, researchers have shown that most of these wireless printers can be hacked in a surprising number of ways. Hackers can deny print service, set the machine permanently in offline mode, manipulate other people’s print jobs, and even cause physical damage that will destroy the printer.
Perhaps most unsettling, hackers can actually access copies of the print jobs that have been passed through the printer, allowing them to view sensitive documents, blueprints, credentials, and other potentially dangerous information.
10. Heat and Electricity Systems
Programs that allow people to remotely control their heating, cooling, and electricity systems require them to be connected to the internet — and therefore, make them vulnerable to hackers. With access to heat and electricity systems, hackers could cut power to a hospital, shut off lights at an airport, deprive a city of heat in a cold snap, and more.
These systems can also serve as entry points for hackers to gain access to a company’s larger networks — in fact, the infamous Target hack that resulted in the theft of 40 million people’s credit and debit card information was traced back to a breach in the company’s HVAC system.
11. Security Systems
Even if a building’s security system is secure, all it takes is one individual camera, smart lock, or security tool that’s missing the latest software upgrade to allow hackers a point of entry from which they can access almost every internet-connected device in the building’s network.
12. Baby Monitors
Many modern baby monitors utilize Internet capabilities to allow parents to view audio and video streams from their phones and even talk to their baby through the device from afar. However, this has led to a number of baby monitor hacks, in which attackers will make threats to families via the devices.
Other devices that monitor babies’ heart rates and movements and trigger an alarm if the child is too still can be hacked, allowing attackers to harass families by needlessly triggering alarms.
13. Smart TVs
Smart televisions — those that are connected to the internet in order to offer built-in Netflix, Hulu, and other apps — are vulnerable to attacks that allow hackers to remotely assume control of the device. Hackers can turn smart TVs on or off, change the channels, turn up the volume, and even play adult content from apps like YouTube.
Those smart TVs that have cameras can also be used to spy on the household, even if the TV looks like it’s been turned off.
14. Smart Coffee Machines
Smart coffee machines make it possible to start brewing a pot of coffee before leaving your bed since you can control the device from your phone. However, they can also be hacked, allowing attackers to do things like turning it on while the owner is not home and cause the burner to overheat, potentially causing a fire.
15. Smart Refrigerators
Internet-connected refrigerators are designed to allow users to manage their meal planning by syncing the fridge directly to their Google calendar. However, this means that hackers that gain access to the fridge itself also gain access to the individual’s calendar.
In other words, a hacked refrigerator can give up more than just grocery expiration dates — it can also give hackers access to users’ Gmail, Google Drive, and any sensitive information stored there.
How to Protect Against IoT Hacks
There are a few key defenses you can employ to protect yourself against most IoT hacks. If you can register your device with the manufacturer, make sure you do so — this will put you on the mailing list that companies use when they roll out security upgrades after they become aware of a new hack their product might be vulnerable to.
Then, make sure you stay up-to-date on all of these patches and install them as soon as they’re released. Most hackers find their targets using a platform called Shodan, which is a search engine that returns lists of IoT-connected devices in a particular area.
Hackers will search for the type of device they’re targeting and look for any that haven’t upgraded their security recently — if you frequently install security patches, you’re unlikely to appear on the list of vulnerable devices the hackers will target.
Finally, any equipment that you don’t use frequently, consider renting on a case-by-case basis instead. Each internet-connected item that resides on your worksite or in your warehouse is a potential point of entry for a hacker to access your entire network. By limiting the number of machines you own, you lower the possible points of entry hackers can use and make yourself and your firm more secure.