New technology is being developed and marketed on a daily basis, much of which affects our daily routines – smart thermostats, smart chairs, vacuums, etc. With so much technology being deployed at such a rapid pace, security threats are sometimes introduced without the user's knowledge.
Every week, our team puts together a freaky infosec fact of the week to share some of the most interesting discoveries about these devices. In this blog post, we've put together 13 freaky infosec facts that we've shared in the past to show you how freaky technology can get. Enjoy!
1. Bluetooth Hair Straighteners Burning Houses
Researchers with PenTestPartners discovered that it's relatively easy to hack into Glamoriser hair straighteners that support Bluetooth and turn them into a major fire hazard.
2. Hacked Pacemakers Can Kill
In 2017, security researchers managed to install malicious firmware on a device used by doctors to control pacemakers, which enabled them to change settings, including how often patients received shocks. While this attack could have lethal consequences, the issue was still not solved in the autumn of 2018. Here's more information on this: https://arstechnica.com/information-technology/2018/08/lack-of-encryption-makes-hacks-on-life-saving-pacemakers-shockingly-easy/.
3. Hackers Killing Car Engines Remotely
Earlier this year, a hacker compromised thousands of user accounts for GPS tracker apps, which allowed the hacker to shut off the engines of some cars if the cars were travelling at no more than 12 mph. Issues like this have been discovered before, like in 2015 when security researchers remotely killed the engine of a Jeep going 70 mph.
4. Hacked IP Cameras Spying on Breastfeeding Moms
Last year, a mother from South Carolina discovered that a hacker was spying on her family through their IP camera when she noticed it panning to the spot where she always breastfed her son.
5. DSLR Cameras Infected with Ransomware
Earlier this year, Check Point researchers discovered vulnerabilities in the firmware of certain Canon cameras that made it possible to infect the cameras with ransomware over Wi-Fi or via USB.
6. Hackers Deciphering Passwords from Audio of People Typing
Security researchers recently developed a method for decoding individual keystrokes from acoustic signals. The method works even for audio recorded with a smartphone in a noisy public area.
7. Fitness App Exposes Location of Secret US Army Bases
In 2017, fitness tracking app Strava accidentally exposed secret US army facilities when it published a global heat map showing the exercise routes of its users, including those of foreign army personnel stationed in countries where the app wasn’t used by locals.
8. Using AI Voice Technology to Imitate Executives
A UK subsidiary was recently scammed out of $243,000 by threat actors who contacted the CEO on the phone using an AI-generated voice that mimicked the CEO of the parent company.
9. 10GB of Data Stolen from Casino by Hacking a Fish Tank
In 2017, threat actors breached the network of a casino in North America by attacking an Internet-connected fish tank the casino had just installed. They managed to exfiltrate 10GB of sensitive data.
10. Hackers Taking Over Computers with USB Cable Clone
Earlier this year, a security researcher managed to embed wireless implants into regular USB cables. The O.MG cable looks and functions like any other USB cable, except that the implant provides threat actors with remote access to the computer the cable is plugged into.
11. IoT Devices Hacked With Blank Credentials
A recent experiment by Avira found that the most common set of credentials used to attack Internet-of-things (IoT) devices consists of an empty username and password. Blank credentials were used in 25.6% of attacks on an IoT honeypot. Other common credentials were admin | admin, support | support, and root | root.
12. Malicious Work Emails are 3x Worse Than the Flu Virus
A recent report by Wire found that while someone sick with the flu has a 20 to 25% chance of infecting someone else in their household, 71% of companies suffered an email-based cyberattack in the past year as the result of an employee spreading a malicious message to colleagues.
13. Grabbing Wi-Fi Passwords from Smart Light Bulbs
Earlier this year, a security researcher discovered that certain LIFX smart lighting bulbs stored Wi-Fi passwords and other sensitive data in plaintext. This could allow threat actors to retrieve the information from discarded bulbs.
About Vonahi Security
Vonahi Security is a cybersecurity consulting firm that offers modern consulting services to help organizations achieve both compliance and security best practices. With over 30 years of combined industry experience in both offensive and defensive security operations, our team of certified consultants has experience working with a significant number of organizations, industries, networks, and technologies. Our service expertise includes Managed Security, Adversary Simulations, Strategy & Review, and User Education & Awareness. Vonahi Security is headquartered in Atlanta, GA. To learn more, visit www.vonahi.io.