IoT: When toasters attack

While people have been discussing the possible threat of Artificial Intelligence (AI) – a totally different and very real threat has emerged: IT-attacks exploiting the Internet of things (IoT).

Simply put, a multitude of connected devices can be used in unexpected, unwanted and destructive ways. IT security expert Bruce Schneier explains in reference to a recent attack…

Instead of using traditional computers for their botnet, they used CCTV cameras, digital video recorders, home routers, and other embedded computers attached to the internet as part of the Internet of Things.

E.g. it can be about DDos-attacks or to set up a botnet to distribute malware.

Many devices used today are more or less unprotected. At Krebs on Security the victim of such an attack, Brian Krebs writes…

One of those default passwords — username: root and password: xc3511 — is in a broad array of white-labeled DVR and IP camera electronics boards made by a Chinese company called XiongMai Technologies. These components are sold downstream to vendors who then use it in their own products. (…)

“The issue with these particular devices is that a user cannot feasibly change this password,” said Flashpoint’s Zach Wikholm. “The password is hardcoded into the firmware, and the tools necessary to disable it are not present. Even worse, the web interface is not aware that these credentials even exist.”

This also raises the question of state-sponsored attacks. What if a country orders its electronics industry to include specific vulnerabilities, backdoors, malware etc. in its products?

For now, I guess awareness and an open discussion is the best protection. Also, there might be initiatives on a political level in the EU:

According to a report at, the Commission is planning the new IoT rules as part of a new plan to overhaul the European Union’s telecommunications laws. “The Commission would encourage companies to come up with a labeling system for internet-connected devices that are approved and secure,” wrote Catherine Stupp. “The EU labelling system that rates appliances based on how much energy they consume could be a template for the cybersecurity ratings.”

• We Need to Save the Internet from the Internet of Things »
• Who Makes the IoT Things Under Attack? »
• Europe to Push New Security Rules Amid IoT Mess »
• Commission plans cybersecurity rules for internet-connected machines »


One Response to IoT: When toasters attack

  1. Antimon555 October 18, 2016 at 4:17 pm #

    About a year ago I wrote a post on this, however in Swedish, including a short story of a scenario that could happen if malicious hackers find some vulnerabilities…

Leave a Reply