This post has been corrected.
Here is a roundup of the year’s biggest—and in many ways the most worrying—hacks to internet-connected devices.
Wired reporter Andy Greenberg was driving his car on a highway when he suddenly lost control of the vehicle. He sat helplessly as the radio and windshield wipers flickered on, while his engine was unceremoniously cut off. He tried to regain control, but it was hopeless—his car had been hacked while he was driving it.
The reporter was driving a Jeep Cherokee, which boasted an internet-connected entertainment system known as Uconnect. It was the Uconnect installed in the car’s dashboard that security experts Charlie Miller and Chris Valasek were able to exploit and hack from the comfort of a sofa. Greenberg had no idea how paralyzing the attack would be, but at least he knew it was coming.
Fiat Chrysler had to recall 1.4 million vehicles after the hack exposed the Jeep’s vulnerabilities, but it’s not just Cherokees that had the problem; it turned out Tesla cars could be hacked while driving, too, requiring the electric car company to release a patch.
In fact, internet-connected cars have many vulnerabilities, which make them easy to hack.
Security experts have warned that Wi-Fi-enabled toys presents a significant risk to hacking. And this year, it seemed like no toy was safe, not even Barbie.
Experts exposed the vulnerabilities of the internet-connected iconic doll; hackers could steal personal information and turn Barbie’s microphone into a surveillance device, which could have been used to spy on children.
Hackers set their sights beyond smart gadgets this year, hacking into a range of appliances, such as smart fridges and baby monitors, to gain access to personal information and play noises that might sound odd or disturbing to parents, let alone their children.
Earlier this year, researchers at Synack tested the vulnerability of 16 home-automation devices, which included cameras and thermostats. The results were concerning—researchers were able to execute a hack of one kind or another against nearly every device.
Noted the researchers, “We found that in general, the Internet of Things (IoT) industry has some work to do in terms of following best security practices.”
US government officials sent a stark message on July 31 warning hospitals to disconnect the Symbiq Infusion System, a pump used to administer intravenous drugs, and urging them to transition to a different pump, citing “cybersecurity vulnerabilities.”
This pump was not the only medical device exposed to hacking this year; a group of students hacked into a pacemaker and demonstrated life-threatening injuries on a simulated human.
Correction: A previous version of this post stated Hospira would phase out other similarly connected pumps at the cost of $300 million. Hospira was using that sum to retire a number of pumps prior to the FDA alert as well as investing in new technology.