A curated list of hacks in IoT space so that researchers and industrial products can address the security vulnerabilities
You should look at some of these resources if you are planning to enter the world of IoT development especially if you are making a product that you plan to sell.
Analysis, Reports and Slides
- Internet of Things Research Study (HP 2014 Report)
- The Internet of Fails, (video)
- Cameras, Thermostats, and Home Automation Controllers, Hacking 14 IoT Devices
- Hack All The Things: 20 Devices in 45 Minutes – (wiki, video)
- Careful Connections: Building Security in the Internet of Things (FTC)
- Analysis of IoT honeypot data; How devices are hacked, type of infections and origin of attacks (Kaspersky lab, 2018)
Communities
- IoT VillageTM
- BuildItSecure.ly
- Secure Internet of Things Project (Stanford)
- The Open Web Application Security Project (OWASP)
IoT Hacks
Thingbots
RFID
- Vulnerabilities in First-Generation RFID-enabled Credit Cards
- MIT Subway Hack Paper Published on the Web
- Tampered Card Readers Steal Data via Bluetooth
Home Automation
- IOActive identifies vulnerabilities in Belkin WeMo’s Home Automation
- Cameras, Thermostats, and Home Automation Controllers, Hacking 14 IoT Devices
- Popular Home Automation System Backdoored Via Unpatched Flaw
Connected Doorbell
Hub
Smart Coffee
Wearable
Smart Plug
- Hacking the D-Link DSP-W215 Smart Plug
- Reverse Engineering the TP-Link HS110
- Hacking Kankun Smart Wifi Plug
- Smart Socket Hack Tutorial
Cameras
- Trendnet Cameras – I always feel like somebody’s watching me
- Hacker Hotshots: Eyes on IZON Surveilling IP Camera Security
- Cameras, Thermostats, and Home Automation Controllers, Hacking 14 IoT Devices
- Hacker ‘shouts abuse’ via Foscam baby monitoring camera
- Urban surveillance camera systems lacking security
- TWSL2014-007: Multiple Vulnerabilities in Y-Cam IP Cameras
- Say Cheese: a snapshot of the massive DDoS attacks coming from IoT cameras
- Samsung SmartCam install.php Remote Root Command Exec
Traffic Lights
- Green Lights Forever: Analyzing The Security of Traffic Infrastructure
- Hacking US (and UK, Australia, France, etc.) Traffic Control Systems
Automobiles
- Hackers Remotely Attack a Jeep on the Highway
- Comprehensive Experimental Analyses of Automotive Attack Surfaces
Airplanes
Light Bulbs
- Hacking into Internet Connected Light Bulbs
- Hacking Lightbulbs: Security Evaluation Of The Philips Hue Personal Wireless Lighting System
- IoT Goes Nuclear: Creating a ZigBee Chain Reaction
- Extended Functionality Attacks on IoT Devices: The Case of Smart Lights
Locks
Smart Scale
Smart Meters
Pacemaker
Thermostats
- Cameras, Thermostats, and Home Automation Controllers, Hacking 14 IoT Devices
- Google Nest: Exploiting DFU For Root
- Smart Nest Thermostat, A Smart Spy in Your Home
- TWSL2013-022: No Authentication Vulnerability in Radio Thermostat
Fridge
- Proofpoint Uncovers Internet of Things (IoT) Cyberattack – Spam emails from fridges.
- Hacking Defcon 23’S IoT Village Samsung Fridge
Media Player & TV
- Breaking Secure-Boot on the Roku
- Google TV Or: How I Learned to Stop Worrying and Exploit Secure Boot
- Chromecast: Exploiting the Newest Device By Google
- Ransomware Ruins Holiday By Hijacking Family’s LG Smart TV on Christmas Day
Firearms
- DEF CON 25 – Plore – Popping a Smart Gun (Slides)
- Hacking a IoT Rifle – BlackHat 2015 – 36 slides
- Hackers Can Disable a Sniper Rifle—Or Change Its Target – Wired 2015
Toilet
Toys
- TWSL2013-021: Multiple Vulnerabilities in Karotz Smart Rabbit
- Fisher-Price smart bear allowed hacking of children’s biographical data (CVE-2015-8269)
- Hello Barbie Initial Security Analysis
- Security researcher Ken Munro discovers vulnerability in Vivid Toy’s talking Doll ‘Cayla’
- Data from connected CloudPets teddy bears leaked and ransomed, exposing kids’ voice messages
Drones
- Parrot Drones Hijacking – RSA2018 Video, Pedro Cabrera, March 2018 (Slides)
- Hacking the DJI Phantom 3, Paolo Stagno, January 25, 2017
- PHDays VI, hacking Syma X5C quadcopter, Pavel Novikov and Artur Garipov, June 9, 2016
- All your bebop drones still belong to us, drone hijacking, Pedro Cabrera, 2016
- Shelling out on 3DR Solo, Kevin Finisterre,June 15, 2015