If you are still wondering what IoT is, start with this article on IoT

There have been several significant security incidents in IoT technologies during its brief life.

Yet its newness has not slowed the amount of attacks on IoT devices.

Yet its newness has not slowed the amount of attacks on IoT devices. There have been several significant security incidents in IoT technologies during its brief life.

Even if we’re considering the computer and electronics space, IoT is a rather new technology compared to others. That is, the history of IoT is not long. Although it is certainly storied. Here is a primer of IoT history

Reading through the Krebsonsecurity blog , I came across the drama around the Mirainet botnet. It got me wondering about IoT attack incidents in the past. Recently, IoT security has been hot on the press for all the wrong reasons. There have been some massive attacks caused by lax security in IoT devices – originating from internet connected cameras, routers, DVRs.

Let us look at some of the most famous IoT Security Incidents:

Let us look at some of the most famous IoT Security Incidents:

One category of network attack is called Denial of Service, which means the device tried to go about doing its job but was blocked. Another more sophisticated form of attack is called Distributed DoS (DDoS). DDoS utilizes many connected devices to attack one networked device. Most of the IoT security incidents were a form of DDoS.

One category of network attack is called Denial of Service, which means the device tried to go about doing its job but was blocked. Another more sophisticated form of attack is called Distributed DoS (DDoS). DDoS utilizes many connected devices to attack one networked device. Most of the IoT security incidents were a form of DDoS.

We’re going to take a look at some specific IoT attacks. But first let’s define a few terms.

We’re going to take a look at some specific IoT attacks. But first let’s define a few terms.

Hackers were able to shut down a connected car that was in motion

Hackers were able to shut down a connected car that was in motion

Adding insult to injury, the famous security researcher Bruce Schneier has been sounding the alarm on IoT Security and the need for regulation. You can read more about that here

Some of the most worrisome cases of IoT hacks involve medical devices and can have detrimental perhaps fatal — consequences on patients’ health.

Wearables also can become a source of threat to your privacy, as hackers can use the motion sensors embedded in smartwatches to steal information you’re typing, or they can gather health data from smartwatch apps or health tracker devices you might be using.

In another development, it was proven that Internet-connected cars can be compromised, as well , and hackers can carry out any number of malicious activities, including taking control of the entertainment system, unlocking the doors or even shutting down the car in motion

According to Symantec, IoT attacks increased 600% between 2016 and 2017. And Cnet claims that IoT attacks are getting worse.

According to Symantec, IoT attacks increased 600% between 2016 and 2017. And Cnet claims that IoT attacks are getting worse.

Think about the range of impact from connected devices. They’re used in mission-critical applications that affect the safety of many people, buildings, etc. Yet on the personal level, they’re also used at home. This means they directly affect the physical security of our loved ones. Food for careful thought.

Think about the range of impact from connected devices. They’re used in mission-critical applications that affect the safety of many people, buildings, etc. Yet on the personal level, they’re also used at home. This means they directly affect the physical security of our loved ones. Food for careful thought.

The simple answer to this question is that IoT connects all sorts of physical devices to the internet. What this means is that all these physical devices can be controlled remotely. If it can be controlled by you, then an attacker can potentially control it as well.

Stuxnet was one of the most well-known attacks, occurring between 2010 and 2014. Stuxnet is believed to have caused substantial damage to Iran’s nuclear program and may have been purposely built against industrial systems. Stuxnet specifically targets programmable logic controllers (PLCs). That is probably the beginning of the IoT security incidents. Stuxnet was designed to gain control of PLCs connected to a computer that runs Windows OS. Microsoft updates is a suggested solution to the security hole exploited by Stuxnet.

Let us define some terms before getting to know this attack more. A botnet is a collection or network of bots or remotely controlled, internet-connected computers. It is usually under control of one person. Because of the large number of bots that make up the botnet, the attacker has a power of a supercomputer on their fingertips. Since it may be located in various parts of the world, it is hard for any security firm to control or stop it.

Mirainet was developed to attack Linux based connected to a network and turn them into remotely controlled bots. Mirainet attacked numerous IoT devices, that includes home routers and IP cameras. It was the largest cyber attack leading to a widespread Distributed Denial of Service (DDoS) attack. The attack was purposely made to take certain online business offline, by sending overwhelming number of traffic from multiple sources.

Authors of the botnet software was apprehended by authorities as described here: https://krebsonsecurity.com/2018/10/mirai-co-author-gets-6-months-confinement-8-6m-in-fines-for-rutgers-attacks/

An undergraduate at Rutgers started Mirainet. This is what csoonline wrote about Mirainet :

Mirai was another iteration of a series of malware botnet packages developed by Jha and his friends. Jha, who loved anime and posted online under the name “Anna-Senpai,” named it Mirai (Japanese for “the future”, 未来), after the anime series Mirai Nikki, or “future diary.” It encapsulated some clever techniques, including the list of hardcoded passwords. But, in the words of an FBI agent who investigated the attacks, “These kids are super smart, but they didn’t do anything high level—they just had a good idea.”

According to krebsonsecurity, author of Mirai also ran DDoS mitigation company called ProTraf. On Dec 13, 2017 three men including Paras Jha pled guilty to crimes related to Mirai botnet. But source code for the botnet had been leaked online prior to that.

Source code for Mirai was published and you can find source code in https://github.com/jgamblin/Mirai-Source-Code