How long does it take to hack an unsecured IoT device?

Internet of Things security CSC Blogs

Cyber hackers in September launched one of largest-ever DDoS attacks, using a network of connected devices. Most of these devices were CCTV cameras, but that’s not really relevant: What is relevant is that they were 1) connected to the Internet and 2) not secured.

Given that research firm Gartner says an average of 5.5 million new devices are being connected every day this year, one might assume this vast network of connected devices — known as the Internet of Things (IoT) — would attract some bad actors seeking to exploit vulnerabilities.

As a recent article in The Atlantic makes clear, that assumption would be startlingly correct.

Wondering whether the vast number of IoT devices might provide at least the security of insignificance and anonymity, writer Andrew McGill decided to find out:

I devised a test. Renting a small server from Amazon, I gussied it up to look like an unsecured web device (a toaster), opening a web port that hackers commonly use to remotely control computers. Instead of allowing real access, though, I set up a false front: Hackers would think they were logging into a server, but I’d really just record their keystrokes and IP addresses.

As McGill notes, this is a common ruse known as a honeypot, an inviting trap for catching hackers.

I switched on the server at  1:12 p.m. Wednesday, fully expecting to wait days—or weeks—to see a hack attempt.

Wrong! The first one came at 1:53 p.m.

In other words, McGill’s fake toaster barely had time to make any fake toast before a hacker (though more likely a hacker’s automated script) came sniffing around. By midnight, the besieged virtual toaster had been the target of more than 300 hacking attempts.

The lessons for enterprises are that:

  • No IoT device is too insignificant or “invisible” to be hacked
  • Hackers now use perpetual scans for vulnerabilities; they don’t rest, and neither should you
  • If your device is unsecured, it will be attacked — and sooner than you think
  • Hacked toast is the worst

Is your enterprise securing its IoT devices?


Welcome to the wonderful world of hijacked IoT devices

Security lags as IoT moves from prototype to deployment

As IoT risks rise, security vendors won’t meet challenge, says Gartner


  1. Tim Coote says:

    Why is this news? It used to be possible to spot when school opened in S. Korea as there was an uptick in standard hack-attacks.

    If you look at the relevant logs of any firewall, you’ll see hundreds of standard hacks per day. In fact, when looking at the demand on some HTTP based APIs, it’s necessary to account for such attacks as they can be expensive to reject.


  1. […] targets for hackers, as one technology writer discovered when he set up a fake IoT device that was attacked hundreds of times in just a few […]

Speak Your Mind


This site uses Akismet to reduce spam. Learn how your comment data is processed.