Man-in-the-middle: An attacker breaches, interrupts or spoofs communications between two systems. For example, fake temperature data ‘generated’ by an environmental monitoring device can be spoofed and forwarded to the cloud. Similarly, an attacker can disable vulnerable HVAC systems during a heat wave, creating a disastrous scenario for service providers with affected models.
Data & identity theft: Data generated by unprotected wearables and smart appliances provide cyber attackers with an ample amount of targeted personal information that can potentially be exploited for fraudulent transactions and identity theft.
Device hijacking: The attacker hijacks and effectively assumes control of a device. These attacks are quite difficult to detect because the attacker does not change the basic functionality of the device. Moreover, it only takes one device to potentially re-infect all smart devices in the home. For example, an attacker who initially compromises a thermostat can theoretically gain access to an entire network and remotely unlock a door or change the keypad PIN code to restrict entry.
Distributed Denial of Service (DDoS): A denial-of-service attack (DoS attack) attempts to render a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. In the case of a distributed denial-of-service attack (DDoS), incoming traffic flooding a target originates from multiple sources, making it difficult to stop the cyber offensive by simply blocking a single source. In fact, DDoS attacks doubled from 3% to 6% in 2016, primarily due to the lack of security in IoT devices. This isn’t surprising, especially as a single compromised smart sensor on a network can infect similar devices running the same software. These infected devices are then forced to join vast botnet armies that execute crippling DDoS attacks.
Permanent Denial of Service (PDoS): A permanent denial-of-service attack (PDoS), also known as phlashing, is an attack that damages the device so badly that it requires replacement or reinstallation of hardware. BrickerBot, coded to exploit hard-coded passwords in IoT devices and cause permanent denial of service, is one such example. Another example could see fake data fed to thermostats in an attempt to cause irreparable damage via extreme overheating.
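
For the man-in-the-middle scenario above (spoofed temperature data forwarded to the cloud), the following added example, which is not part of the original article, shows one way a cloud endpoint can reject forged or replayed readings: each reading carries an HMAC-SHA256 tag and a per-device counter. The device ID, key, and all function and class names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; real keys are provisioned per device, never shared or hard-coded.
DEVICE_KEYS = {"sensor-01": b"constructed-demo-key-not-for-production"}


def _canonical(device_id, counter, temp_c):
    # Fixed serialization so device and cloud compute the MAC over identical bytes.
    body = {"id": device_id, "ctr": counter, "temp_c": temp_c}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_reading(device_id, counter, temp_c, key):
    """Device side: attach an HMAC-SHA256 tag to one temperature reading."""
    tag = hmac.new(key, _canonical(device_id, counter, temp_c), hashlib.sha256)
    return {"id": device_id, "ctr": counter, "temp_c": temp_c, "tag": tag.hexdigest()}


class TelemetryVerifier:
    """Cloud side: accept a reading only if it is authentic and fresh."""

    def __init__(self, keys):
        self.keys = keys
        self.last_counter = {}  # highest counter accepted so far, per device

    def verify(self, msg):
        try:
            dev, ctr, temp, tag = msg["id"], msg["ctr"], msg["temp_c"], msg["tag"]
        except (KeyError, TypeError):
            return "rejected: malformed"
        if not (isinstance(dev, str) and isinstance(ctr, int)
                and isinstance(tag, str) and tag.isascii()):
            return "rejected: malformed"
        key = self.keys.get(dev)
        if key is None:
            return "rejected: unknown device"
        expected = hmac.new(key, _canonical(dev, ctr, temp), hashlib.sha256).hexdigest()
        # Constant-time comparison avoids leaking how many tag characters matched.
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"
        # A valid tag on an old counter means a captured message is being replayed.
        if ctr <= self.last_counter.get(dev, -1):
            return "rejected: replay"
        self.last_counter[dev] = ctr
        return "accepted"
```

The counter check runs only after the tag verifies, so an unauthenticated message can never advance a device's replay window.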