Top 5 Shocking IoT Security Breaches of 2019

With the continued growth of technologies and IoT devices, the countless benefits came with uncertain vulnerabilities. According to Safeatlast, there are more than 26.66 billion IoT devices that are active and 127 new devices are being connected to the internet every second. By next year, global spending on IoT technologies is expected to reach USD 1.3 trillion, and the number of IoT devices is expected to surpass by 75 billion by 2025. This is why IoT security must become a top priority for everyone, even if you don’t own any IoT device yourself! 


We have analyzed the importance and vulnerabilities of IoT technology in 2018. However, as securing IoT devices are getting more and more challenging, we are here to take a look at the most shocking IoT security incidents that took place in 2019 and be reminded of the importance of IoT security, once again. 


1. Could Apple Have Listened to My Conversations Without My Approval?


Earlier this year in January, a so-called Apple ‘Facepalm’ bug hit the headlines. It occurred in Arizona, whilst a 14-year-old boy was adding his friend to a group conversation. Despite the fact that the friend never picked up the phone, the boy was able to listen in to conversations taking place in the friend’s iPhone environment, according to ZDNet. Regardless of the boy’s countless attempts to report the case to Apple, an action from Apple had only been taken after a week the incident occurred. As a result, Apple has decided to take the security flaw seriously and released a software update to resolve the bug later on.


2. Has My WiFi Router Been Exposed to Malicious Codes?


Also occurred in January, one of the most popular WiFi chipsets (firmware of Marvell Avastar 88W8897) on the market has been exposed to a vulnerability that can be triggered without any user interaction, according to ZDNet. It is deployed with devices including PlayStation 4, Xbox One, MS surface laptops, Samsung Chromebooks, and smartphones. However, it was found to be entirely an application firmware issue, and patches have been released after the incident. 


3. Has Your IoT Device Been Bricked by This Malware in June?


Inspired by the old BrickerBot strain (April to December 2017), Silex Malware worked by trashing an IoT device’s storage, dropping firewall rules, removing the network configuration, and halting the device, according to Larry Cashdollar, one of Akamai’s researchers. The malware was quickly spread amongst IoT devices and resulted in 1,650 attacking devices. In order to recover, the owners had to manually reinstall all the devices’ firmware. Surprisingly, this malware was spread by a 14-year-old teen, by the pseudonym of Light Leafon. 


4. Your ID Might Have Been Leaked!


There was a flaw in the Bluetooth communication protocol back in July, that caused exposure of modern device users to be tracked and leaked of their IDs, according to ZDNet. It could be used to spy on users despite native protections the OS had and could have impacted Windows 10, iOS, and macOS devices. However, according to a research paper carried out by Boston University, the algorithm does not require message decryption or breaking Bluetooth security in any way.  MS also had officially announced the issue has been addressed in their May update. 


5. Alexa and Google Home Devices Have Been Eavesdropping on Us, Again!


On top of numerous findings back in 2018, hackers have once again abused Alexa and Google Home smart assistants to eavesdrop on users without users’ knowledge, or even worse, tricking users into handing over sensitive information, according to ZDNet in October this year. No matter how both Amazon and Google have deployed updates every time, it seems like newer ways to exploit devices have continued to surface. 


Protecting Your Data


With such speedy developments of IoT devices and technologies, the threats and attacks are a clear and present danger for individuals as well as organizations all over the world. Therefore, it is critical that we know how to protect our own data and devices against these abuses. We must take the matter seriously and realize that the failures can bring disastrous outcomes. Being attentive to our own data will also allow manufacturers and companies to put more focus back on the primary intents of IoT – which is improving the quality of life and experience of the users.