Be careful, your vacuum Bots and coffee machine could be stealing your Bitcoin?

robot
Abstract generation in progress

Smart home devices are vulnerable to hacking, allowing attackers to record passwords or mnemonic phrases, thereby stealing your cryptocurrency. Below, we expose the various security risks associated with IoT devices. This article is adapted, compiled, and authored by TechFlow from a piece by Felix Ng. (Background note: LOL! UXLINK hackers stole $11.3 million “only to fall victim to a phishing attack”, the crypto world is rife with black on black crime.) Robotic vacuums and other smart home devices can be easily compromised by hackers to record your password entries or mnemonic phrases. Imagine waking up one morning to find the robotic vacuum out of control, the refrigerator demanding ransom from you, while your cryptocurrency and bank account funds have been completely drained. This isn't a scene from Stephen King's 1986 horror film “Maximum Overdrive”, which tells the story of a rogue comet triggering a worldwide machine murder spree. On the contrary, this reflects the real risks of hackers breaching your computer through smart devices in your home. With the number of IoT devices worldwide expected to reach 18.8 billion, averaging about 820,000 IoT attacks per day, the likelihood of such a scenario is increasing. “Unsecured IoT devices (like routers) may serve as gateways to infiltrate home networks,” said Tao Pan, a researcher at blockchain security firm Beosin, in an interview. As of 2023, the average American household owns 21 connected devices, with one-third of smart home device consumers experiencing data breaches or fraud in the past 12 months. “Once compromised, attackers can move laterally to access connected devices, including computers or phones used for cryptocurrency transactions, and can capture login credentials between devices and exchanges. This is particularly dangerous for users trading cryptocurrency via APIs,” he added. So, what information can hackers steal from your home, and what damage can they cause? “Magazine” has gathered some of the most bizarre hacking incidents from recent years, including a case where a door access sensor was hacked for cryptocurrency mining. We also compiled practical tips for protecting data and cryptocurrency security. Hacking a Coffee Machine In 2019, cybersecurity researcher Martin Hron from Avast demonstrated how hackers can easily access home networks and their devices. He chose a simple target: remotely hacking his own coffee machine. Hron explained that, like most smart devices, the coffee machine used default settings and could connect to WiFi without a password, making it easy to upload malicious code to the machine. “Many IoT devices first connect to the home network via their own WiFi networks, which are only used for configuring the devices. Ideally, consumers would immediately password protect that WiFi network,” Hron explained. “But many devices come from the factory without password protection for the WiFi network, and many consumers also do not set a password,” he added. Original video link “I can do whatever I want because I can replace the firmware, which is the software that operates the coffee machine. And I can replace it with anything I want. I can add features, delete features, and even bypass built-in security measures. So, I can do whatever I want,” he said in the video released by Avast. In his demonstration, Hron displayed a ransom note through the coffee machine, which was locked and could not be used unless a ransom was paid. You can choose to turn off the device, but that means you’ll never get to drink coffee again (Avast/YouTube). However, in addition to displaying ransom notes, the coffee machine could also be used to carry out more malicious operations, such as turning on heaters to create fire hazards, or spraying boiling water to threaten victims. More frighteningly, it could quietly become an entry point into the entire network, allowing hackers to monitor your bank account information, emails, and even encryption mnemonic phrases. Hacking a Casino Fish Tank One of the most famous cases occurred in 2017 when hackers infiltrated a connected fish tank in the lobby of a Las Vegas casino, exfiltrating 10GB of data. The fish tank was equipped with sensors for regulating temperature, feeding, and cleaning, which were connected to a computer on the casino's network. The hackers accessed other areas of the network through the fish tank and sent the data to a remote server in Finland. The fish tank might look something like this (Muhammad Ayan Butt/ Unsplash). Despite the casino deploying regular firewalls and antivirus software, the attack was still successful. Fortunately, the attack was quickly detected and dealt with. Nicole Eagan, CEO of cybersecurity firm Darktrace, told BBC at the time, “We stopped it immediately, and there was no damage done.” She also added that the increasing number of internet-connected devices means “it’s a hacker’s paradise.” Door sensors can also mine secretly In 2020, during the office closures due to the COVID-19 pandemic, cybersecurity firm Darktrace discovered a covert cryptocurrency mining operation—hackers were using a server controlling the office biometric access system to mine illegally. The clues for this incident came from the server downloading suspicious executable files from an external IP address that had never appeared on the network before. Subsequently, the server connected multiple times to external endpoints related to the privacy token Monero's mining pool. This type of attack is known as “cryptojacking”; Microsoft's threat intelligence team discovered more such instances in 2023, with hackers targeting Linux systems and internet-connected smart devices. Microsoft's investigation found that attackers initiated attacks by brute forcing internet-connected Linux and IoT devices. Once inside the network, they would install backdoors, subsequently downloading and running cryptocurrency mining malware. This not only leads to skyrocketing electricity bills but also directs all mining profits straight into the hacker's wallet. Cases of cryptojacking are numerous, with one of the latest involving embedding cryptojacking code into a fake 404 HTML page. Hacking Smart Devices: Destroying the Power Grid Even more frightening, security researchers at Princeton University once proposed a hypothesis: if hackers could control a sufficient number of high-energy devices, like 210,000 air conditioners, and turn them on simultaneously, it could lead to a blackout affecting as many as 38 million people, equivalent to the population of California. These devices would need to be concentrated in a specific part of the power grid and turned on at the same time to cause an overload in certain power lines, damaging or triggering protective relays on those lines to shut down. This would transfer the load to the remaining lines, further stressing the power grid and ultimately triggering a chain reaction. However, this scenario requires precise malicious timing, as fluctuations in the power grid are common during extreme weather (such as heatwaves). Robotic Vacuums Are Watching You Last year, robotic vacuums in several locations across the United States suddenly began to activate on their own. It turned out that hackers had discovered a severe security flaw in a Chinese-made Ecovac robotic vacuum. Reports indicate that hackers can remotely control these devices to intimidate pets, yell profanities at users through built-in speakers, or even spy on the user’s home environment using built-in cameras. An image from the hacked Ecova…

WIFI-3.31%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
0/400
No comments
Trade Crypto Anywhere Anytime
qrCode
Scan to download Gate App
Community
English
  • 简体中文
  • English
  • Tiếng Việt
  • 繁體中文
  • Español
  • Русский
  • Français (Afrique)
  • Português (Portugal)
  • Bahasa Indonesia
  • 日本語
  • بالعربية
  • Українська
  • Português (Brasil)