Hackers connected an IoT parking kiosk to porn in ‘grey hat’ attack

Hackers connected an IoT parking kiosk to a porn site in what appears to have been a 'grey hat’ attack without malicious intent.

The most well-known labels for hackers are ‘black hats’ or ‘white hats’ to indicate whether hackers intend to cause damage, or whether they intend to find vulnerabilities to protect a system from being compromised.

Grey hats are somewhere in-between and often cause mischief to highlight vulnerabilities but aren’t out to cause danger or lasting damage.

Cybersecurity company Darktrace released their 2018 Threat Report on Tuesday which highlighted the instance of a digital parking kiosk being connected to websites featuring adult content. The mystery, however, is that it didn’t actually show the content.

"It's unknown what the attacker's motive might have been," says Darktrace.

Our working assumption would be the mischievous hackers wanted to show the vulnerability in a – shall we say, ‘graphic’ – way that would not be stumbled upon by minors.

Darktrace uses AI to identify suspicious activities on a network. The aforementioned incident is just one of many that Darktrace has observed since last year as part of a worrying trend.

In another incident, the company observed a hack attempt which bounced across IoT devices on an industrial food assembly line. Devices including blenders, slicers, and baggers were all compromised.

The devices at the food assembly line obviously do not contain much information themselves, but were hacked in the attempt to convince the wider company network to provide access where valuable data could be obtained.

"Crucially, these devices did not have approval from the security team to be connected to the core IT infrastructure,” wrote Darktrace in their report.

“By correlating these factors in real time, Darktrace's AI detected the anomalous behavior and determined the activity to be a significant risk to the organization's assembly line.”

Many IoT devices are left unsecured and can pose a risk to its wider network, or even others.

Botnets used for DDoS attacks, like the infamous Mirai, use the increasing number of compromisable devices to flood networks with unprecedented amounts of traffic in order to cause significant disruption.

While the parking kiosk hack may have been a bit of mischief, Darktrace’s wider report goes to show the continued scale of the IoT’s security problems.

What are your thoughts on the IoT parking kiosk hack? Let us know in the comments.

Related Stories

Leave a comment

Alternatively

This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.