That’s What We Call a Snack Attack: Hackers Gain Access Through Vending Machines

The internet of things has produced some really cool innovations. From lamps that come on when you drive up to your house to countertop crock pots that you can turn on and off from your desk at work, our connected lives are easier than ever.

But the power of the internet isn’t just for convenience. The information contained in medical implants can be viewed by the patient’s doctor while he’s away on vacation. Farmers can monitor their crops from anywhere, and business executives can print out critical reports from home, knowing they’ll be waiting on their desks come Monday morning.

What’s the downside to all this great innovation? Privacy and security. Data breaches and cybercrime. As we’ve already had to learn the hard way, our IoT devices may have come pre-installed with wide open doors for hackers to walk through.

The latest cyberattack to come through this kind of connectivity relied on perhaps the strangest form of entry, one that no one would ever have suspected: light bulbs and vending machines. A university recently suffered a DDoS attack when hackers gained access to the vending machines and smartbulbs that had been configured to connect to the network. Once they accessed these unsecured machines, they launched an effective attack that slowed down the entire university network. Five thousand IoT-connected devices were reconfigured to begin searching the internet…for seafood.

With all of the minicomputers inside the devices running DNS web searches for seafood on a constant loop, the network got so bogged down that no one could use it. While it might sound amusing on the surface, it’s the same mechanism that was put into place last October to shut down about a dozen major websites, including the New York Times, Twitter, and Spotify. In theory, your bank’s light bulbs could turn against the network in the same way, meaning you no longer have access to money until it’s resolved. Your local hospital’s vending machines could launch an attack the would literally stop all medical procedures in their tracks, which is bad news for a patient on an operating table.

Security experts and lawmakers are currently working together on legislation that’s meant to secure IoT devices, but it’s important for all stakeholders to understand the risks. The race to create innovative new devices doesn’t always mean privacy and security are as strong as they should be, so it’s up to everyone involved to monitor their tech and be ready for the next cyberattack.