This post has been corrected.
A lot more people are not only aware of
of the Internet of Things, but now actually own items, such as weather-aware fridges, that make their homes “smart” and their lives supposedly easier to manage. But
of internet-connected devices comes with a significant drawback that was repeatedly exposed in the last 12 months. If 2014 was
, then 2015 was the year of highlighting its vulnerability to hacking.
Here is a roundup of the year’s biggest—and in many ways the most worrying—hacks to internet-connected devices.
Wired reporter Andy Greenberg was driving his car on a highway when he suddenly lost control of the vehicle. He sat helplessly as the radio and windshield wipers flickered on, while his engine was unceremoniously cut off. He tried to regain control, but it was hopeless—his car had been hacked while he was driving it.
The reporter was driving a Jeep Cherokee, which boasted an internet-connected entertainment system known as Uconnect. It was the Uconnect installed in the car’s dashboard that security experts Charlie Miller and Chris Valasek were able to exploit and hack from the comfort of a sofa. Greenberg had no idea how paralyzing the attack would be, but at least he knew it was coming.
Fiat Chrysler had to recall 1.4 million vehicles after the hack exposed the Jeep’s vulnerabilities, but it’s not just Cherokees that had the problem; it turned out Tesla cars could be hacked while driving, too, requiring the electric car company to release a patch.
In fact, internet-connected cars have many vulnerabilities, which make them easy to hack.
Security experts have warned that Wi-Fi-enabled toys presents a significant risk to hacking. And this year, it seemed like no toy was safe, not even Barbie.
Experts exposed the vulnerabilities of the internet-connected iconic doll; hackers could steal personal information and turn Barbie’s microphone into a surveillance device, which could have been used to spy on children.
Hackers set their sights beyond smart gadgets this year, hacking into a range of appliances, such as smart fridges and baby monitors, to gain access to personal information and play noises that might sound odd or disturbing to parents, let alone their children.
Earlier this year, researchers at Synack tested the vulnerability of 16 home-automation devices, which included cameras and thermostats. The results were concerning—researchers were able to execute a hack of one kind or another against nearly every device.
Noted the researchers, “We found that in general, the Internet of Things (IoT) industry has some work to do in terms of following best security practices.”
US government officials sent a stark message on July 31 warning hospitals to disconnect the Symbiq Infusion System, a pump used to administer intravenous drugs, and urging them to transition to a different pump, citing “cybersecurity vulnerabilities.”
While confirming there hadn’t been any “unauthorized access of a Symbiq Infusion System,” the US Food and Drug Administration acknowledged that hackers could access the pump remotely and change the dosage of critical medicines. The maker of the pump
its plans to remove the Symbiq infusion device from the market prior to the FDA alert, as part of their broader global device strategy to retire and replace devices, and invest in the development of next-generation pump technology, at a cost of
This pump was not the only medical device exposed to hacking this year; a group of students hacked into a pacemaker and demonstrated life-threatening injuries on a simulated human.
Correction: A previous version of this post stated Hospira would phase out other similarly connected pumps at the cost of $300 million. Hospira was using that sum to retire a number of pumps prior to the FDA alert as well as investing in new technology.