University attacked by its own IoT devices

[vemn]

Today’s cautionary tale comes from Verizon’s sneak peek (pdf) of the 2017 Data Breach Digest scenario. It involves an unnamed university, seafood searches, and an IoT botnet; hackers used the university’s own vending machines and other IoT devices to attack the university’s network.

Since the university’s help desk had previously blown off student complaints about slow or inaccessible network connectivity, it was a mess by the time a senior member of the IT security team was notified. The incident is given from that team member’s perspective; he or she suspected something fishy after detecting a sudden big interest in seafood-related domains.

Continue full story here

Forever free drink dispensing?

 

[Winter Soldier]

Thanks for sharing

Generally speaking, the risks related to the IoT are intensify by their highly accessible nature, so they should be protected against a wide range of active and passive threats.

Among the active threats, we have to consider the IoT devices are often connected to the network and they can access and control other network equipments.

This connectivity may allow the attackers to use a IoT device to bypass the security settings of the network and launch attacks against other network equipment as if it were "from the inside".

 

[Solarquest]

The problem is most IOT has poor security and huge vulnerabilities and very few people know how to protect them.
In other words, how to protect them against attack if you really have/want to have tem connected?

Btw, interesting reading

University attacked by its own vending machines, smart light bulbs & 5,000 IoT devices
...Imagine they couldn't get the passwords....5000 devices to be flashed/changed....

 

[vemn]

Lol wondering why vending machine needs network...
Still prefer the old hack of tapping a string to a coin to cheat payment XD