The Internet of Things (IoT) needs developers and it needs them to start building (and breaking) IoT devices. This is the message that emanated from DefCon, the largest hacker convention in the U.S., which was recently hosted this August 2016.

If it’s IP-enabled, we like it

The show’s organizers asked attendess to show them how secure (or, indeed, how insecure) IP enabled embedded systems are in the real world.

Hackers were directed to focus on routers, network storage systems, cameras, HVAC systems, refrigerators, medical devices, smart cars, smart home technology and TVs.

“If it is IP-enabled, we’re interested,” they said.

loT Village

DefCon built a dedicated area (known as the IoT village) to focus hackers on the challenge at hand. The area was hosted by Baltimore-based cyber-threat mitigation firm Independent Security Evaluators (ISE).

According to writers on cubeacon, “ISE ran a router hacking contest called SOHOpelessly Broken at the conference last year. That contest resulted in fifteen new vulnerabilities being discovered in five popular wireless router models. Building on its success, Independent Security Evaluators (ISE) will now extend it to all IoT devices.”

Ransomware via thermostat

DefCon itself has said that was a big year in the Internet of Things and the whole industry is only just getting off the ground. “At DefCon 24 (in 2016) we saw the first ransomware delivered via thermostat, among many other causes for interest and concern,” say the organizers.

Wider show reports on The Register note that security researcher Anthony Rose detailed how to hack supposedly smart locks by using the US$100 Ubertooth sniffing device, a $40 Raspberry Pi, a $50 high-gain antenna and a $15 USB Bluetooth dongle.

“Smart locks appear to be made by dumb people,” Rose said. “Lots of manufacturers choose user convenience over security and aren’t bothered about fixing their hardware.”

Related: Security remains biggest obstacle to enterprise IoT adoption.


Previous articleAre insurance companies ready for driverless cars?
Next articleKPMG Australia launches IoT business practice
I am a technology journalist with over two decades of press experience. Primarily I work as a news analysis writer dedicated to a software application development ‘beat’; but, in a fluid media world, I am also an analyst, technology evangelist and content consultant. As the previously narrow discipline of programming now extends across a wider transept of the enterprise IT landscape, my own editorial purview has also broadened. I have spent much of the last ten years also focusing on open source, data analytics and intelligence, cloud computing, mobile devices and data management. I have an extensive background in communications starting in print media, newspapers and also television. If anything, this gives me enough man-hours of cynical world-weary experience to separate the spin from the substance, even when the products are shiny and new.