Hacking lampposts and vending machines

Forgot your toothbrush at home? No problem, the hotel has a vending machine.

Headphones stopped working just before getting on a 10-hour flight? No problem, there is a tech vending machine right by your gate.

There are vending machines everywhere dispensing anything and everything. From cold drinks and snacks to toiletries and various tech gear, the vending machine is today’s equivalent of a desert oasis.

We select the item we want, swipe our credit card, and moments later we are munching on our sandwich.

Very convenient. But convenience can come at a price.

Sneaky snack attack

Back in 2017, a hacker infiltrated a university through various devices, including vending machines and smart lampposts (yes – that is a thing).

When students from an unnamed university started complaining about poor connectivity, the case was initially brushed off. Eventually, members of the establishment lost access to the majority of the internet altogether, and this is when they took the students’ complaints a little more seriously. The case was finally reported to their internet provider, Verizon, whose Research, Investigations, Solutions and Knowledge (RISK) Team immediately took action and investigated the case.

RISK found that around 5,000 devices linked to the university’s Internet of Things (IoT), a network of devices connected to the internet, suffered a DDoS (Distributed Denial of Service) attack.

The hackers gained access through the most bizarre devices, such as vending machines and lampposts, and used them to send a number of DNS requests, which overloaded servers and prevented them from functioning properly. The DDoS attack was made easy by brute-forcing the devices’ default passwords, which enabled the hackers to turn these devices into a network of malicious bots called a botnet.
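As an added illustration (not part of the original article or of Verizon's investigation), this is one way a defender could spot that kind of DNS burst in resolver logs: track each client's peak query rate and how many distinct names it asks for. The log format, IP addresses, hostnames and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse(line):
    """Split 'ISO-timestamp client-ip qname' (assumed log format) into typed fields."""
    ts, client, qname = line.split()
    return datetime.fromisoformat(ts), client, qname.lower().rstrip(".")

def profile(lines, window_s=60):
    """Return {client: (peak queries in any window_s span, distinct names asked)}."""
    recent = defaultdict(deque)  # client -> timestamps still inside the window
    peak = defaultdict(int)
    names = defaultdict(set)
    for ts, client, qname in sorted(parse(l) for l in lines if l.strip()):
        q = recent[client]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_s:
            q.popleft()  # drop lookups that fell out of the sliding window
        peak[client] = max(peak[client], len(q))
        names[client].add(qname)
    return {c: (peak[c], len(names[c])) for c in peak}

def noisy_clients(lines, max_rate, max_names, window_s=60):
    """Clients exceeding either the per-window rate or the distinct-name budget."""
    return sorted(c for c, (rate, n) in profile(lines, window_s).items()
                  if rate > max_rate or n > max_names)

def sample_log():
    """Constructed sample: two IoT devices bursting, one laptop browsing normally."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    rows = []
    for i in range(40):  # vending machine (assumed 10.20.0.15): 40 lookups in 20 s
        rows.append(f"{(t0 + timedelta(seconds=i * 0.5)).isoformat()} 10.20.0.15 h{i}.example.test")
    for i in range(30):  # lamppost (assumed 10.20.0.16): 30 lookups in 30 s
        rows.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 10.20.0.16 h{i % 3}.example.test")
    for i in range(5):   # laptop (assumed 10.10.0.8): one lookup a minute
        rows.append(f"{(t0 + timedelta(minutes=i)).isoformat()} 10.10.0.8 www.example.test")
    return rows

if __name__ == "__main__":
    for client, (rate, n) in sorted(profile(sample_log()).items()):
        print(f"{client}: peak {rate} per window, {n} distinct names")
    print("flagged:", noisy_clients(sample_log(), max_rate=20, max_names=10))
```

A fixed-function device such as a vending machine normally resolves only a handful of names, so the budgets for an IoT network segment can be set far tighter than for user laptops.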

A vulnerable billion-dollar industry

The global value of the vending machine industry has reached $30 billion, growing at a steady 9% rate every year. Over time, these machines have been integrated into the IoT ecosystem. This new level of integration can be a blessing and a curse. While it provides more control for establishments, it opens up more opportunities for hackers to exploit this billion-dollar industry.

And this was the case for the aforementioned university incident.

Ultimately, the more devices are in use, the more ways there are for people to come in, invade your private data and compromise your security.

Risks of innovation

The IoT is used to make life more convenient by gathering information from users and analyzing the data to help with tasks. These devices can be anything from vending machines to fitness trackers or even smart toasters.

But anything on the internet can be hacked if it’s not secure enough, so the IoT wave has raised many concerns about data privacy and security, especially if basic security rules are not followed.

Weak passwords played a major part in the 2017 attack, and in many high-profile breaches in the past decade. A simple Google search can reveal what the default password is on routers, WiFi extenders, and IoT devices. If these are not changed, it’s a free pass for hackers.

Not updating the firmware on devices can also be an issue. Let’s be honest, updating the firmware on your air conditioner or smart coffee machine is very “low priority” compared to updating your computer or phone. Hackers know this and are banking on it. While hacking a toaster doesn’t seem like a productive use of someone’s time, hackers use it as a vector to reach the rest of the network that the toaster has access to.

IoT devices can be the weak point of your network.

So in summary

As hackers find more ways to capture our information and to hold hostage our online platforms, messaging apps, and even devices that we never knew were corruptible, it has become apparent that poor security can cost us much more than we think.

Attacks like these serve as a reminder that connectivity definitely carries a big risk, and that we have to invest in evolving security and safety just as much as we invest in innovation. 

Liron Segev - TheTechieGuy

Liron Segev is an award-winning tech blogger, YouTube strategist, and Podcaster. He helps brands tell their stories in an engaging way that non-techies can relate to. He also drinks way too much coffee! @Liron_Segev on Twitter