Feb 15, 2017 08:34 AM EST
How Hackers Attacked A University Using Its Vending Machines And IoT Devices
A university was attacked by hackers using vending machines and other IoT devices connected to its network. The case was brought to light by Verizon. Network World reported that an unnamed university featured in Verizon's sneak peek of the 2017 Data Breach Digest Scenario. The issue escalated because the school's help desk had initially blown off the complaints of students about the network connectivity, which was either slow or inaccessible.
According to Verizon's article, the university's IT Security Team continued to receive an increasing number of complaints from students. The team discovered that the name servers, which were responsible for Domain Name Service (DNS) lookups, were creating high-volume alerts and had an abnormal number of sub-domains related to seafood.
With this, while the servers struggled to keep up with the volume, legitimate lookups were being ignored. This resulted to a prevention of access to the Internet and explained the "slow network" issues.
What was more worrying, however, was the source of the unusual DNS lookups and its scale. The university's IT team did a firewall analysis and found that more than 5,000 discrete systems were making hundreds of DNS lookups every 15 minutes. Moreover, majority of the systems were found to be in the part of the school's network focused on its IoT infrastructure.
The university had connected everything that can be connected to its network from light bulbs to vending machines for easier management and monitoring. These IoT systems should have been isolated from the rest of the network but they were all configured to use DNS servers in a different subnet.
The school's RISK (Research, Investigations, Solutions and Knowledge) team revealed that the botnet spread from several devices by "brute forcing default and weak passwords." Once it had the device's password, the malware already had full control of the IoT device.
Universities and colleges need to be vigilant of this type of vulnerability since they will continue to use IoT devices. Mashable noted that, currently, there are over 6 billion IoT devices that are running. That figure is expected to reach over 20 billion by 2020.
Join the Conversation