SafeUM
Home Blog Services Download Help About Recharge
EN
RU

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
EN
Lang
EN
RU
Archive
TOP Security!
3 Aug 2017

Exposed IoT servers let hackers unlock prison cells, modify pacemakers

Lucas Lundgren sat at his desk as he watched prison cell doors hundreds of miles away from him opening and closing.

He could see the various commands floating across his screen in unencrypted plain text. "I could even issue commands like, 'all cell blocks open'," he said in a phone call last week. Without being there, he couldn't know for sure if his actions would've had real-world consequences.

"I'd probably only know by reading about it in the newspaper the next day," said Lundgren, a senior security consultant at IOActive, ahead of his Black Hat talk in Las Vegas last week. It's because those cell doors are controlled by a little-known but popular open-source messaging protocol known as MQTT, which lets low powered, internet-connected (IoT) sensors and smart devices communicate with a central server using little bandwidth -- letting prison guards remotely control the locks on a cell door. The protocol is used everywhere -- by hobbyists at home, but also in industrial systems like gauges and equipment sensors, electronic billboards, and even medical devices.

But all too often, the servers that listen to devices and send commands aren't protected with a username or password, allowing anyone with an internet connection to look into one of the 87,000 unprotected servers, according to Lundgren's port scans. "It's a scary situation," he said. "Not only can we read the data -- that's bad enough -- but we can also write to the data."

Lundgren has seen heart monitors and insulin pumps that are constantly updating data over the protocol so that a doctor can read it remotely on a web page and make alterations, he said. "If I wanted to be malicious, I could probably change the insulin or something, and see what happens," he said.

Throughout his scans, he found servers from all over the world, running everything from home automation and alarm systems, to nuclear power plants, a particle accelerator -- and even an oil pipeline. "I can see the pressure flow back and forth," said Lundgren. He wasn't sure of the pipeline's location, but said he could see usernames and passwords to its entire industrial control system.

"If you can push more oil through, you could injure people," he said. Lundgren also found a server operating in a German train station. He could see when trains run, which track they're on, and when they arrive. "I don't know what the impact could be if I changed it," he said. "The best case scenario is that the devices just update the boards," said Lundgren -- though, he couldn't be sure if the data aggregated down to the actual tracks.

In the worst-case scenario, an attacker could've manipulated where trains go on each track, potentially causing a crash. Among his finds were sex toys, blood pressure machines, air humidity sensors, and earthquake alert systems, he said. In one of the slides at his Black Hat talk, he described how a user-modified Tesla vehicle was leaking its real-time geolocation and other vital statistics.

But Lundgren will be the first to launch a defense for the protocol -- laying blame at the hands of its users. "To blame MQTT isn't fair -- the protocol isn't the problem," he said. "You should always use encryption, and a username and a password on the server," he said. "The majority don't bother." Several significant data breaches and exposures have resulted from leaving servers unprotected, including database servers that've been held to ransom, and Amazon cloud storage units that have been raided, among others.

He said that companies like Amazon, IBM, and Microsoft -- some of the big names with cloud-based MQTT solutions, which he recommends -- force you to set up the servers properly. "Security is in your hands," he said.


Download SafeUM — communicate privately, without advertising and spam.

Tags:
information leaks Internet of Things
Source:
ZDNet
1157
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015