View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 17, 2014

5 Internet of Things home hacks

Following news that Spanish researchers exposed flaws in power smart meters we look at other examples of IOT hacks on the home front


Smart meters cause blackouts

Smart meters installed in millions of homes across Spain contain vulnerabilities that could allow hackers to cause blackouts and tamper with meter readings.

Cyber security experts said by identifying flawed code in reprogrammable memory chips it was able to insert malicious worms that could cause widespread blackouts and shut down power supplies to households.

Once they broke through the first level of security, they were able to take full control of the box, switching its unique ID to impersonate other customer boxes or using the meter itself as a weapon for launching attacks against the power network.

"Oh wait? We can do this? We were really scared," researcher Vazquez Vidal said. "We started thinking about the impact this could have. What happens if someone wants to attack an entire country?"

The same researchers last year also uncovered vulnerabilities in computer chips found in automobiles, which they claimed could be used to cause crashes.

The researchers did not identify which of the three major utility companies in Spain had rolled out the faulty meters.

Hacked Light bulb

Security firm Context exposed a critical vulnerability in an LED light bulb.

Content from our partners
How the retail sector can take firm steps to counter cyberattacks
How to combat the rise in cyberattacks
Why email is still the number one threat vector

It said by gaining access into bulb manufacturer LIFX’s Wi-Fi enabled master bulb, it was able capture and decrypt its network configurations.

The researchers, which found vulnerabilities in other internet connected devices, such as home storage systems, printers and baby monitors, accessed the firmware by examining the device’s embedded microcontrollers to identify the encryption mechanism in use.

They then were able to monitor packets on the mesh network and identify the specific packets, which shared the encrypted network configuration among the bulbs.

Michael Jordon, research director at Context: "Hacking into the light bulb was certainly not trivial but would be within the capabilities of experienced cyber criminals.

"In some cases, these vulnerabilities can be overcome relatively quickly and easily as demonstrated by working with the LIFX developers. In other cases the vulnerabilities are fundamental to the design of the products.

Screaming baby monitor

An Ohio couple heard an unknown voice cursing in the bedroom of their baby daughter after a hacker took control of their camera-enabled monitor.

When the Gilbert family entered the room, the voice cursed them as well, according to an account on ABC News in August 2014.

The family had been using Foscam’s wireless web camera, which called their daughter an "effing moron," and told her, "wake up you little slut."

Marc Gilbert, father of the child said he had taken basic security precautions, including passwords for his router and the baby-stalking IP cam, as well as having a firewall enabled.

Cable Box terrorises grandmother

A grandmother from the US city of Indianapolis was threatened with vulgar and graphic messages on her TV after a hacker broke into her AT&T cable box.

As WXIN Fox 59 reported in March 2014, Alana Meeks claimed that harassing and personal messages started appearing on her two TV screens.

In a statement, AT&T said: "We take security seriously and we are working with the customer to determine the cause and remedy of the situation."

Spam in fridge

A California-based security group discovered the first fridge to send out spam in January 2014.

Proofpoint said the fridge was one of more than 100,000 devices such as smart TV sets, computers and multimedia centres that hackers broke into.

They then used the devices to send more than 750,000 malicious emails to businesses and people around the world.

The attack is thought to have taken place between 23 December 2013 and 6 January this year, the security firm said in a statement.

75% of the emails were sent by computers, while the rest were sent by hacked home appliances.


Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy