Updated October 27, 2024
IoT, or Internet of Things, means any device that can connect to the internet. The list of such devices keeps growing, with anything from televisions to coffee machines now able to connect. This can provide great everyday convenience for the owner, since starting a pot of coffee can be as simple as pressing a button in an app, but it can also open up the network to potential attack.
Hacking IoT Devices
IoT devices are often overlooked from a security standpoint. Especially if these devices are not public-facing, organizations will often leave them insecure and skip the due diligence needed to keep them as hardened against attack as possible. Hackers exploit this to use network devices as an easy foothold for an attack. Devices often have easily exploited software vulnerabilities that remain unpatched. Especially once such a vulnerability becomes public, hackers will jump at the opportunity to attack these devices.
Even devices without glaring software bugs will be targets of attack. Default credentials are extremely common. They can give an attacker an easy foothold into a network, with the compromised device serving as a first step to further compromise. We regularly see this during our Internal Penetration Tests. Our team at Blue Goat often finds devices such as printers, routers, or even more uncommon ones like x-ray machines that can be compromised and used for further access.
Control of IoT devices can provide massive benefits to attackers. Many devices will contain sensitive information either about the network or the organization. Printers are a good example. Print jobs can cache information that attackers can strip out, potentially giving them access to sensitive information sent in print jobs. Finding internal and external address books in printer settings is common. This information can give an attacker an edge in getting further access in the network, since internal email addresses will often be valid domain accounts.
The most severe problem is likely when devices are connected to external services. Using the printer example, these devices are commonly connected to services that attackers target. Protocols such as LDAP, SMB, SNMP, and more will often require credentials to access, and these credentials may be stored on the printer. An attacker’s ability to access these credentials can allow quick lateral movement in the network.
Manipulating Intended Functionality
In many cases, IoT devices can be the intended target, and there is no need to leverage them for further access. Many devices have functionality that attackers will directly target. For example, security cameras often connect to the internet, and an attacker can directly target these cameras to see the video feed. The consequences of such attacks can be silly and minor, such as being able to manipulate the temperature of a thermostat. Still, they can also be extremely severe if a hacker gets access to a sensitive device, such as a medical device.
Sensitive medical devices can be controlled remotely and manipulated by hackers, which can potentially be life-threatening. In 2017, hackers targeting St. Jude’s Hospital compromised various cardiac devices. With that access, the attackers could disable the devices or change their settings, potentially modifying life-saving care for patients. Blue Goat can test medical devices and any other IoT devices to identify any security flaws and work with your team to fix them.
Identifying Vulnerable Devices
Hackers typically want to go for low-hanging fruit when scouting targets to attack. IoT devices often meet those criteria. Certain sites, such as shodan.io, crawl the internet and look for certain characteristics, anything from a certain open port to a specific device. A search for exposed MayGion IP Cameras reveals over 1,000 results. Many of these devices may have default credentials that malicious hackers can exploit.
This process can also be used to target known vulnerabilities. A good example is CVE-2021-27954, a heap-based overflow vulnerability affecting Ecobee3 Lite smart thermostats. If a hacker knows how to perform the exploit, they can search for any of these devices and instantly have a vulnerable target.
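For defenders, the risk factors described above (default credentials, stored LDAP/SMB/SNMP credentials, internet exposure, unpatched known vulnerabilities) can drive a remediation order for your own device inventory. The following is an added example, not code from Blue Goat: the inventory records, field names, and weights are all constructed assumptions.

```python
# Constructed sample inventory; every hostname and value is illustrative.
INVENTORY = [
    {"host": "printer-2f", "type": "printer", "default_creds": True,
     "internet_exposed": False, "stored_creds": ["LDAP", "SMB"], "unpatched_cves": 0},
    {"host": "cam-lobby", "type": "ip-camera", "default_creds": True,
     "internet_exposed": True, "stored_creds": [], "unpatched_cves": 1},
    {"host": "thermostat-1", "type": "thermostat", "default_creds": False,
     "internet_exposed": True, "stored_creds": [], "unpatched_cves": 1},
    {"host": "coffee-3f", "type": "coffee-machine", "default_creds": False,
     "internet_exposed": False, "stored_creds": [], "unpatched_cves": 0},
]

# Weights are assumptions for this example, not an industry scoring standard.
WEIGHTS = {"default_creds": 4, "internet_exposed": 3, "unpatched": 3, "stored_cred": 2}

def findings(device):
    """Return (score, reasons) for one inventory record."""
    score, reasons = 0, []
    if device["default_creds"]:
        score += WEIGHTS["default_creds"]
        reasons.append("factory-default credentials still set")
    if device["internet_exposed"]:
        score += WEIGHTS["internet_exposed"]
        reasons.append("reachable from the internet")
    if device["unpatched_cves"]:
        score += WEIGHTS["unpatched"]
        reasons.append(f"{device['unpatched_cves']} known unpatched vulnerability(ies)")
    for proto in device["stored_creds"]:
        score += WEIGHTS["stored_cred"]
        reasons.append(f"stores {proto} service credentials")
    # Easy login plus stored service accounts means one weak device
    # can hand over credentials that work elsewhere on the network.
    if device["default_creds"] and device["stored_creds"]:
        score += 3
        reasons.append("default login exposes stored credentials (lateral-movement path)")
    return score, reasons

def triage(inventory):
    """Devices with at least one finding, highest score first."""
    rows = [(d["host"], *findings(d)) for d in inventory]
    return sorted([r for r in rows if r[1] > 0], key=lambda r: -r[1])

if __name__ == "__main__":
    for host, score, reasons in triage(INVENTORY):
        print(f"{score:>2}  {host}: " + "; ".join(reasons))
```

Note that the internal printer ranks above the internet-facing camera here because it combines a default login with stored directory credentials, the lateral-movement case the printer discussion describes.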
Perform Your IoT Testing with Blue Goat Cyber
Our team of testers can help secure your network and any attached IoT devices. We can also test your devices before you release them as a finished product. Contact us to find out more.