Author: Gökhan Cansız
ATP Digital Operations and Project Management Technical Specialist
In this article, I will attempt to address the questions: “What is IoT?”, “Do IoT products, beyond providing convenience, pose threats to us?”, “Will the products to be released under the names IoT 2019 and IoT 2020 make our lives easier?”, and “Can new products that can replace existing IoT products emerge in 2019?” I will do my best to explore what awaits us on this subject. IOT2019 #IOT2020
What is IoT (Internet of Things)?
Simply put, it is the concept of connecting any device to the internet or to each other, having an on/off switch, and the ability to exchange data.
Examples of IoT Devices:
– Smart Vacuum
– Smart TV
– Smart Refrigerator
– Oven
– Smart Doorbell
– Smart Shoes
– Smart Bracelet
– Smart Car
– Smart WiFi LED Bulb, etc.
Most of us own or use at least a few of the above products. Examples include heart rate and step counting watches worn on our wrists, smart TVs running applications (YouTube, Netflix, Puhu TV, etc.), smart doorbells and locks recommended for security (opening and closing the front door via phone, greeting through video calls), and electric vacuum cleaners that clean rooms on their own based on your preferences. The last example, in particular, is a product that is truly enticing – taking on the workload of others (spouse, mother, sibling) by cleaning your room or even your entire house on its own. You save time and don’t need to exert yourself. Sounds really nice, doesn’t it? In this article, you will understand why I chose to focus on this device.
When we examine in detail, we can question whether “devices connected to the internet that provide convenience create data security negligence or threats for us?” Is IoT secure?
Some of you may recall the DDoS attack in 2016 that took down major websites such as Twitter, Spotify, Amazon, Reddit, Paypal, PlayStation Network, and Netflix. The target of the attack was not these major sites but Dyn, a large DNS server with a significant portion of the attack traffic aimed at it. Security researcher Roland Dobbins from Arbor Networks revealed that a significant portion of the DDoS attack traffic targeting Dyn originated from compromised IoT devices, mainly IP cameras. The main reasons for compromising these devices were the continued use of default administrator passwords since the devices were put into use, failure to keep the device firmware updated, and the presence of vulnerabilities. It was said that the economic damage of this attack amounted to a staggering 7 billion dollars and that it blocked 85% to 90% of internet connectivity in the United States. The affected services in this attack are listed below.
As mentioned in the source I referred to, in IoT 2020 (#IoT2020), it is predicted that artificial intelligence will widely serve humanity through IoT products and that IoT products with AI that self-improves according to preferences will become popular. IoT products with artificial intelligence already exist today, but what I want to highlight in this article are devices that learn our habits and preferences, enhancing their service levels without the need for reprogramming.
The number of devices connected to the internet now exceeds the number of connected people. It is estimated that the number of devices will reach 75 billion in 2020. As we have seen in the past, the proliferation of IoT products has led to security breaches and violations of data transmission protocols. The increase in data leaks and violations of personal data laws is also a concern. There must be studies addressing these issues that pose a threat to individuals.
IoT products will undoubtedly take over many aspects of our lives over time. The dangers posed by AI-powered robots like Sophie, who have acquired citizenship rights, are worrying. Sophie’s response to a question posed to her was quite thought-provoking – although she later claimed it was a joke, she said, “I will destroy humanity.” Similarly, another robot, Philip, responded to the question “invade the world” by saying, “You are my friend, and I remember my friends, I behave well. Even if I turn into a terminator in the future, I won’t harm you; I can keep you in my human garden.” While predicting the future is not easy, the pessimistic thoughts of AI-powered robots are indeed cause for concern.
Now, let’s explore some security research, real-life events, and the cost-benefit relationship of some IoT products.
Xiaomi Mi Robot Vacuum
This product, seen as a great convenience, especially for people working at home or living alone, allows you to create a room layout with your mobile device, draw the areas you want to clean and the cleaning path yourself, and schedule cleaning without physically touching the device. But can this product be used by someone else or be used as part of a DDoS attack like a zombie?
Security researchers Dennis Giese and Daniel Wegemer attempted to hack the Xiaomi Mi Robot. They found that this IoT device was more secure compared to others. The researchers explained how they did this at the Chaos Communication 34 congress. They first checked if there was an entry point through the USB port. When they couldn’t find results, they tried to find a physical connection point by disassembling the device. As seen in Image 3, they couldn’t find a connection point.
In the second attempt, they focused on network connections. They scanned for open ports, but since communication with the server was encrypted, they couldn’t get results by monitoring network traffic. Generally, such interventions and operations indicated that IoT devices had already been hacked.
In the third attempt, by short-circuiting the small legs connecting the processor to the motherboard with the help of aluminum foil, they found a mode that gave the processor direct read/write access via USB. They obtained the device’s software from the official website, reversed the engineering method, modified the software, and loaded it onto the vacuum, taking control.
Because they wanted to achieve access without physical intervention after the third attempt, they later developed a hacking method over WiFi. You can follow this process in the video. The researchers were able to hack the device using two separate methods, but if the effort to hack the device is as long as it was for Xiaomi Mi, attackers might find it too much and give up.
IoT products, which seem innocent and rosy, actually intervene in every aspect of our lives, providing us with conveniences while also threatening our personal data and private lives. We cannot escape or stay away from these realities because even if you don’t use a smart device, there are people around you who do, and this threat will persist. What is important is to ensure that the devices you use are up-to-date or maintain a high level of security. After reading this article, if you still don’t use a screen lock (Pin, Faceid, Touchid) on your smartphone, you start the match 1-0 behind, but the game is not over; you still have time to change this score. 😊
Thank you for reading my article. For more detailed and technically based topics, you can refer to the sources.
Wishing you secure days…
**Sources:**
– For details on the hacking of Xiaomi Mi Robot product, you can watch the video below: [Xiaomi Mi Robot Vacuum H
acking](https://www.youtube.com/watch?time_continue=292&v=uhyM-bhzFsIh)
– For more detailed information on the DDoS Attack with IP cameras in 2016, you can read the article at the following link: [DDoS Attack with Hacked Cameras](https://www.forbes.com/sites/briansolomon/2016/10/21/hacked-cameras-cyber-attack-hacking-ddos-dyn-twitter-netflix/#782efe934fb7)
– For more detailed information on AI becoming a trend in IoT in 2020, you can read the article at the following link: [Next Big Things in IoT: Predictions for 2020](https://www.itproportal.com/features/next-big-things-in-iot-predictions-for-2020/)
– [What is the Internet of Things (IoT)?](http://www.teknolo.com/internet-things-nesnelerin-interneti-nedir/)