Cyber security

• Consider the world's first interactive doll, the Wi-Fi Hello Barbie from a company called Mattel. It uses voice recognition and progressive machine learning technology to play interactive games and tell jokes to your kid. It can read a book and do language translations. It can also tailor conversations based on history. Note that the intelligence is not built into the doll; the doll is connected to those massive computers of the digital world.

This seems a very interesting proposition in terms of IoT. But it was hacked. The doll failed to validate SSL certificates, so the hacker cunningly used a man-in-the-middle (MITM) attack to get control over the doll. He got access to all the audio files recorded by the doll. He could penetrate the home Wi-Fi network and was able to sniff user credentials from regular internet traffic.

But is this the only threat? Just imagine what can happen if this doll is exploited to teach offensive language to your kid. What if someone can exploit these devices to eavesdrop on your children without your knowledge? Eavesdropping can also happen through other smart devices like smart TVs. We are becoming too lazy even to use the TV's wireless remote; we want voice command and control. Smart TVs are coming with an intuitive voice control function these days. What if that same microphone in the TV can be used to listen to the private communications in your bedroom? Smart TVs have also been reported to be hacked and infected by malware for automated ad clicks and cryptocurrency mining.

• Smart insulin pumps: About 10% of the world's population suffers from diabetes, and this device is a wonder for a lot of diabetic patients. But this got hacked too, and allowed the hacker to surreptitiously and remotely change the dose of drugs administered to the patients.

The same is happening with pacemakers. Pacemakers can also be monitored using mobile apps these days. Imagine if, by exploiting a simple app on your phone, the attacker could send wrong signals to the pacemaker. It can be disastrous.

IoT Ransomware: The next big scary thing

Ransomware has been quite popular in the cyber security space for the past few years: the hacker puts malware on your system that encrypts your hard disk and prevents you from accessing your data until you pay a ransom. Ransomware has also started penetrating the IoT sector.

Take the case of Nest's smart thermostats, which got infected. The home owner goes on vacation and gets this message: "Your room temperature has been increased to 40°C. To unlock your thermostat, pay xyz bitcoins to the following bitcoin address". Will you pay for this? What if a pacemaker gets infected by ransomware? How much do you think someone would pay to remove ransomware from a pacemaker? The scenario is not too far-fetched; in fact, it is much more deadly.

A technology evangelist with a wide range of agile experience, starting from the days of embedded systems, moving to web and object-oriented development, followed by cyber security and then the latest trends of cloud computing and machine learning. Currently holding the role of Alt. CISO for Electronics Corporation of India Limited (ECIL), a Public Sector Enterprise under the Department of Atomic Energy (DAE), Government of India. He is accountable and responsible for security strategy planning, policy implementation, management of risks and threats, independent compliance reviews and implementation of new security products and technologies. Some accolades to his arsenal: Winner, Top 100 InfoSec Maestros Awards 2016; Winner, Dynamic CISO Security Excellence Awards 2016; Elite CISO Finalist, NullCon BlackShield Awards 2016; IBM Blue Scholar 2012.
