The Internet of Things (IoT) needs developers and it needs them to start building (and breaking) IoT devices. This is the message that emanated from DefCon, the largest hacker convention in the U.S., which was recently hosted this August 2016.
If it’s IP-enabled, we like it
The show’s organizers asked attendess to show them how secure (or, indeed, how insecure) IP enabled embedded systems are in the real world.
Hackers were directed to focus on routers, network storage systems, cameras, HVAC systems, refrigerators, medical devices, smart cars, smart home technology and TVs.
“If it is IP-enabled, we’re interested,” they said.
DefCon built a dedicated area (known as the IoT village) to focus hackers on the challenge at hand. The area was hosted by Baltimore-based cyber-threat mitigation firm Independent Security Evaluators (ISE).
According to writers on cubeacon, “ISE ran a router hacking contest called SOHOpelessly Broken at the conference last year. That contest resulted in fifteen new vulnerabilities being discovered in five popular wireless router models. Building on its success, Independent Security Evaluators (ISE) will now extend it to all IoT devices.”
Ransomware via thermostat
DefCon itself has said that was a big year in the Internet of Things and the whole industry is only just getting off the ground. “At DefCon 24 (in 2016) we saw the first ransomware delivered via thermostat, among many other causes for interest and concern,” say the organizers.
Wider show reports on The Register note that security researcher Anthony Rose detailed how to hack supposedly smart locks by using the US$100 Ubertooth sniffing device, a $40 Raspberry Pi, a $50 high-gain antenna and a $15 USB Bluetooth dongle.
“Smart locks appear to be made by dumb people,” Rose said. “Lots of manufacturers choose user convenience over security and aren’t bothered about fixing their hardware.”