View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 17, 2014

5 Internet of Things home hacks

Following news that Spanish researchers exposed flaws in power smart meters we look at other examples of IOT hacks on the home front

By Amy-Jo Crowley

Smart meters cause blackouts

Smart meters installed in millions of homes across Spain contain vulnerabilities that could allow hackers to cause blackouts and tamper with meter readings.

Cyber security experts said by identifying flawed code in reprogrammable memory chips it was able to insert malicious worms that could cause widespread blackouts and shut down power supplies to households.

Once they broke through the first level of security, they were able to take full control of the box, switching its unique ID to impersonate other customer boxes or using the meter itself as a weapon for launching attacks against the power network.

"Oh wait? We can do this? We were really scared," researcher Vazquez Vidal said. "We started thinking about the impact this could have. What happens if someone wants to attack an entire country?"

The same researchers last year also uncovered vulnerabilities in computer chips found in automobiles, which they claimed could be used to cause crashes.

The researchers did not identify which of the three major utility companies in Spain had rolled out the faulty meters.

Hacked Light bulb

Security firm Context exposed a critical vulnerability in an LED light bulb.

Content from our partners
A hybrid strategy will help distributors execute a successful customer experience
Amalthea leverages AI and automation to improve yield while minimising waste and costs
How AI is unlocking valuable opportunities in the insurance industry

It said by gaining access into bulb manufacturer LIFX’s Wi-Fi enabled master bulb, it was able capture and decrypt its network configurations.

The researchers, which found vulnerabilities in other internet connected devices, such as home storage systems, printers and baby monitors, accessed the firmware by examining the device’s embedded microcontrollers to identify the encryption mechanism in use.

They then were able to monitor packets on the mesh network and identify the specific packets, which shared the encrypted network configuration among the bulbs.

Michael Jordon, research director at Context: "Hacking into the light bulb was certainly not trivial but would be within the capabilities of experienced cyber criminals.

"In some cases, these vulnerabilities can be overcome relatively quickly and easily as demonstrated by working with the LIFX developers. In other cases the vulnerabilities are fundamental to the design of the products.

Screaming baby monitor

An Ohio couple heard an unknown voice cursing in the bedroom of their baby daughter after a hacker took control of their camera-enabled monitor.

When the Gilbert family entered the room, the voice cursed them as well, according to an account on ABC News in August 2014.

The family had been using Foscam’s wireless web camera, which called their daughter an "effing moron," and told her, "wake up you little slut."

Marc Gilbert, father of the child said he had taken basic security precautions, including passwords for his router and the baby-stalking IP cam, as well as having a firewall enabled.

Cable Box terrorises grandmother

A grandmother from the US city of Indianapolis was threatened with vulgar and graphic messages on her TV after a hacker broke into her AT&T cable box.

As WXIN Fox 59 reported in March 2014, Alana Meeks claimed that harassing and personal messages started appearing on her two TV screens.

In a statement, AT&T said: "We take security seriously and we are working with the customer to determine the cause and remedy of the situation."

Spam in fridge

A California-based security group discovered the first fridge to send out spam in January 2014.

Proofpoint said the fridge was one of more than 100,000 devices such as smart TV sets, computers and multimedia centres that hackers broke into.

They then used the devices to send more than 750,000 malicious emails to businesses and people around the world.

The attack is thought to have taken place between 23 December 2013 and 6 January this year, the security firm said in a statement.

75% of the emails were sent by computers, while the rest were sent by hacked home appliances.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.