How to search and use IoT for Hacking

October saw one of the  most serious instances of taking down of the Internet using Internet of Things (IoT) devices that disrupted some of the major websites such as twitter, CNN and GitHub to name a few.

It is something incomprehensible for the average Joe that an electrical Toaster could have brought down half the Internet that day. And yet, this is exactly what happened. The Distributed Denial of Service (DDoS) attack were launched not from hundreds or thousands of computers sitting on peoples desks but using microprocessors installed on Internet connected devices such as DVRs, Electric Toasters, Toys, Security Cameras, etc.

The mystery is not what was used for this attack but how hackers gained access to these unsecured devices on the Internet which has billions of IP Addresses. How could hackers locate these devices and use them for the attack!

It seems Hackers wrote scripts that used the “sh” command to search for IP Addresses and login to these connected devices using the username “root” and password ““xc3511” which is generally default password for most Internet connected webcams. These programs scan through open ports of thousands of these connected devices per hour and supposedly digging through IP addresses of devices that are hosted on Amazon cloud servers. Cloud servers are the ideal platform for launching DDoS attacks just as they protect websites, they can also be manipulated for carrying out attacks.

So if your Internet connected device is not secured properly there is a 100% chance of the device being hacked. What is most astonishing is that Hackers are now able to search and find such devices across the entire Internet and not just a few weak spots. They have the tools to do this.

Devices that hide behind a Wi-Fi router that is properly secure are less vulnerable as compared to devices that are directly connected to the modem or an Internet service such as in industrial automation. The bane of the problem is the use of weak and reused passwords that hackers can programmatically crack.

Source: Wikimedia Commons

About The Author

"Founded in July, 2016, is a cyber security blog that covers important security issues affecting common users, industry and governments. It aims to create awareness among its readers about malware, hacking, encryption, identity theft, privacy, etc and also offer solutions to protect themselves from such attacks"

1 Comment

  1. Home security Systems Installation and Servicing with Professional E-sync Security Solutions Engineers. Best Price Security Camera and accessories. less time for completing projects and AMC Services.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

eight − 8 =