Roundup: Recent Security Breaches In The IoT Space


Time and again, security stands out as the major concern with IoT. Because many personal details of users, including financial details, get recorded, it becomes all the more important that this information is encrypted and secured at every stage: at the source generating the data, at the destination receiving it, and at every intermediary that gets access to it. In this article I will list the major IoT security breaches of the recent past.


Samsung Smart TV Watching You:

This was one of those freaky, chills-down-your-spine cases: Samsung, in its privacy policy, advised people not to discuss personal information in front of the TV because it could record voices and transmit this information to a third party. The TV is also equipped with a built-in camera which, with the help of a little programming, can transmit live video of you to third parties without your being aware of it. Imagine sitting in your living room watching your Smart TV while, on the other end, someone is looking into your living room and hearing all your conversations. This is the scariest of scenarios, and Samsung has made it possible.

A similar instance was reported with Microsoft's Xbox Kinect games, which went one step further in breaching personal privacy by transmitting images of users' bodies through the IR camera.

The manufacturers' attitude of turning a blind eye and not acting on the vulnerability is the bigger cause for worry in this case. Instead of closing this loophole, Samsung thought it sufficient to give a disclaimer and leave it to the user to deal with the issue.

Samsung Smart Fridge vulnerability:

Another case we came across earlier this year was the vulnerability in the Samsung Smart Fridge, where researchers discovered a potential way to steal the Gmail credentials of Smart Fridge owners.

Security researchers at Pen Test Partners, as part of a hacking challenge, discovered a MiTM (Man-in-the-Middle) vulnerability that enabled them to access users' Gmail credentials. While the fridge implemented SSL, it failed to validate SSL certificates, which made the exploit possible.
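The failure mode described above, encryption without certificate validation, can be shown with Python's standard `ssl` module. This is an added example, not code from the fridge or from Pen Test Partners; the function names are hypothetical. It builds three client configurations and audits each for the two checks a TLS client needs.

```python
import ssl

def insecure_context():
    """Encrypts traffic but accepts any certificate (the weak setting)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be turned off before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # no chain validation at all
    return ctx

def chain_only_context():
    """Validates the CA chain but not the hostname: a certificate issued
    for any other site would still be accepted for this connection."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def hardened_context():
    """Corrected setting: trusted chain and matching hostname both required."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit_context(ctx):
    """Return a list of validation gaps in a client-side SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings

if __name__ == "__main__":
    for name, build in [("insecure", insecure_context),
                        ("chain-only", chain_only_context),
                        ("hardened", hardened_context)]:
        gaps = audit_context(build())
        print(f"{name}: {'OK' if not gaps else '; '.join(gaps)}")
```

A client with either gap still shows an encrypted connection on the wire, which is why this class of bug passes casual testing.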

Fiat Chrysler Smart Car Hack:

Earlier this year, Chris Valasek and Charlie Miller made headlines when they demonstrated that they could remotely take control of a vehicle by exploiting a vulnerability in its UConnect communication module. This demonstration led to Fiat recalling 1.4 million cars to fix the issue. It is another scary scenario: your car starts acting on its own while you are driving it.

Exploiting ZigBee to hack smart home:

This hack is at the standards level. Most smart home systems use the ZigBee wireless standard to connect devices. As pointed out by Cognosec researchers, the issue in this case is the weak way in which manufacturers implement ZigBee. The vulnerability occurs because ZigBee relies on an insecure key link to connect devices, and some vendors compromise on security to bring costs down. With these kinds of hacks, the entire house is at stake and can be misused.

As the cases above show, the issue is at 2 levels. One is the attitude of the manufacturers, both established ones and start-ups, who are racing towards the IoT finish line without much consideration or thought for security. While some manufacturers give no consideration to security, there are others who know about the vulnerabilities but choose to close the matter by giving out disclaimers and warnings without actually fixing the issue.

The constant and major worry about vulnerabilities can only be addressed if device manufacturers take up security right from the design phase rather than implementing it at the end as an over-the-top fix. Hopefully, vigilant security networks will keep this phenomenon in check and avert major catastrophes.


