Hackers are becoming increasingly sophisticated in their cyber attacks and it is not even the Internet of Things to blame this time. At least partially.
Of course, when everyday items such as lights, cars, tables, toys, air conditioners and more are connected to the internet, hacking becomes a lot easier as there are more points of entry for hackers.
Below we talk about two new such ways of hacking that have used the IoT technology to fit tiny Wi-Fi devices in everyday items — even though the users are not aware of them, nor are able to connect or use the wi-fi technology for anything.
1. Charging cables plugged into laptops
A hacker, known to the online community as MG, has done what was thought to be impossible — fit a Wi-Fi enabled implant in an iPhone charging cable.
Reported by TechCrunch, the hacked charging wire is known as the O.MG cable, and looks almost exactly like the real cable from Apple. It also charges the phone. However, the minute it is connected to the computer or laptop, the hacker within the same Wi-Fi range can “run commands as if they were sitting in front of the screen.”
This implant is not just for iPhone charging cables, but can be used for any cable plugging into the laptop.
“This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types. Apple just happens to be the most difficult to implant, so it was a good proof of capabilities.MG, as reported by TechCrunch
2. Delivery packages
An innocent delivery package, perhaps addressed to you or mistakenly reached you, can very easily hack into your home network or office.
Aptly named “Warshipping”, these are delivery packages, as reported by TechCrunch, are very similar to the ones you get when you shop online, but with one major difference — they have very small computers hidden in the package, or as shown in TechCrunch’s video, in a toy. These computers essentially hack into your Wi-Fi network and from there, they can hack into your devices and steal sensitive information.
“It uses disposable, low cost and low power computers to remotely perform close-proximity attacks, regardless of the cyber criminal’s location.”Charles Henderson, Global Managing Partner and Head of X-Force Red at IBM, as reported by TechCrunch.
The device costs just around $100 to build and has a 3G-enabled modem with cell service that allows it to be tracked. It also scans for wi-fi network, and when it finds one, it waits for “wireless data packets it can use to break into the network”, and after entering the network, it can quietly scan through the company’s vulnerabilities and steal data.
How often have you thought twice before plugging a charging cable to your laptop or not accepted a package delivered to you? Vulnerabilities are generally exploited through innocent looking means. Quite a few multinationals in the UAE, keep their mailrooms in the basement of the building, without access to the internet; while many others also disable USB connection slots. While these can be hurdles for many, it goes a long way in protecting the company from various attacks. Educating people is the best way forward to reduce this friction between IT and other departments.