Imagine waking up one morning to find your robot vacuum on the fritz, your refrigerator asking you for ransom money and your crypto and bank accounts completely drained.
No, it’s not the plot of Stephen King’s trashy 1986 horror “Maximum Overdrive” (about a rogue comet that triggers a global outbreak of sentient killer machines).
Instead, it’s what could happen if hackers decided to infiltrate your PC through one of your home’s many smart devices, which is more likely now with an estimated 18.8 billion Internet of Things (IoT) devices globally and around 820,000 IoT attacks on average per day.
“Insecure IoT devices (e.g., routers) can serve as entry points to home networks,” Tao Pan, a researcher at blockchain security firm Beosin, tells Magazine.
As of 2023, the average US household had 21 devices connected to the internet, with a third of smart home device consumers reporting being the victim of a data breach or scam in the last 12 months.
“Once infiltrated, attackers can move laterally to access connected devices, including computers or mobile phones used for crypto transactions, and also can capture login credentials between devices and exchanges. This is especially risky for crypto owners using APIs for crypto trading,” he adds.
So, what exactly can hackers get their hands on around your home, and what damage can they do?
Magazine gathered some of the strangest things that have been hacked over the last few years, including one case where a door sensor was hacked to mine cryptocurrency. We’ve also gathered some tips to keep your data and crypto safe.
Hacking your coffee machine
In 2019, Martin Hron, a researcher at cybersecurity company Avast, wanted to show how easy it is for hackers to access your home’s network and its devices.
So, naturally, he remotely hacked his own coffee machine.
Hron explains that, like most smart devices, coffee makers come with default settings, and no passwords are needed to connect the device to WiFi, making it easy to upload malicious code into the machine.
“Many IoT devices first connect to your home network via their own WiFi network, which is intended to be used just to set up the machine. Ideally, consumers immediately protect that WiFi network with a password,” explains Hron.
“But many devices are sold without passwords to protect the WiFi network, and many consumers don’t add one,” he adds.
“I’m able to do whatever I want because I am able to replace the firmware, which is the software that operates the coffee maker. And I can replace it with whatever I want. I can add functionality, remove functionality and overcome security measures that are built in. So, I can do anything,” he said in a video posted by Avast.
In his example, Hron uses the coffee maker to display a ransom note that essentially bricks the device unless a ransom is paid.
However, the coffee maker could be made to do more malicious things, like turning on its burner to create a fire hazard or spitting out boiling water if the victim doesn’t comply, for example.
But perhaps just as scarily, it could silently sit there as a gateway to your entire network — letting them spy on anything from bank account details, emails or crypto seed phrases.
Casino fish tank is compromised
One of the most famous cases happened in 2017, when cyberattackers transferred 10 gigabytes of data from a Las Vegas casino by compromising an internet-connected fish tank in the lobby.
The fish tank had sensors to regulate temperature, food and cleanliness, which were connected to a PC on the casino’s network. Hackers used the fish tank to move to other areas of the network, sending data to a remote server in Finland.
This was despite the casino having deployed typical firewalls and antivirus software. Luckily, the attack was quickly identified and dealt with.
“We stopped it straight away, and no damage was done,” cybersecurity firm Darktrace CEO Nicole Eagan told the BBC at the time, adding that the growing number of internet-connected devices meant “it is a hacker’s paradise out there.”
Door sensor that secretly mined crypto
Then, years later in 2020, when offices worldwide sat empty amid the COVID-19 pandemic, Darktrace discovered a secret crypto mining operation that exploited a server controlling an office’s biometric door access.
The cybersecurity firm identified the incident after the internet-facing server downloaded a suspicious executable from an external IP address that had never been seen on the network.
After downloading the file, the server repeatedly connected to external endpoints associated with mining…
cointelegraph.com