Will a robot vacuum also steal your Bitcoin?

CN
深潮TechFlow
Follow
3 hours ago

The robot vacuum is watching you.

Author: Felix Ng

Translated by: Deep Tide TechFlow

Summary: Stolen passwords? Maybe it was your robot vacuum.

Smart robot vacuums and other smart home devices are easily hacked to record your password inputs or mnemonic phrases.

Imagine waking up one morning to find your robot vacuum out of control, your refrigerator demanding ransom, and your cryptocurrency and bank account funds completely drained.

This is not a scene from Stephen King's 1986 horror film "Maximum Overdrive," which tells the story of a rogue comet triggering a global machine killing spree.

Instead, it reflects the real risks that could arise if hackers infiltrate your computer through smart devices in your home. With the number of global Internet of Things (IoT) devices expected to reach 18.8 billion, and an average of about 820,000 IoT attacks occurring daily, the likelihood of such scenarios is increasing.

"Unsecured IoT devices (like routers) can serve as entry points for infiltrating home networks," said Tao Pan, a researcher at blockchain security firm Beosin, in an interview.

As of 2023, the average American household has 21 connected devices, with one-third of smart home device consumers experiencing data breaches or scams in the past 12 months.

"Once hacked, attackers can move laterally to access connected devices, including computers or phones used for cryptocurrency trading, and can capture login credentials between devices and exchanges. This is particularly dangerous for users trading cryptocurrency via APIs," he added.

So, what information can hackers steal from your home, and what damage can they cause?

Magazine has compiled some of the most bizarre hacking incidents from recent years, including a case where a door access sensor was hacked to mine cryptocurrency. We also gathered some practical advice for protecting data and cryptocurrency security.

Hacking a Coffee Machine

In 2019, Martin Hron, a researcher at cybersecurity firm Avast, demonstrated how easily hackers can access home networks and their devices.

He chose a simple target: remotely hacking his own coffee machine.

Hron explained that, like most smart devices, the coffee machine used default settings, allowing it to connect to WiFi without a password, making it easy to upload malicious code to the machine.

"Many IoT devices first connect to the home network through their own WiFi network, which is only used to set up the device. Ideally, consumers would immediately password-protect that WiFi network," Hron explained.

"But many devices come from the factory without a password to protect the WiFi network, and many consumers also do not set a password," he added.

Original video link: Click here

"I can do whatever I want because I can replace the firmware, which is the software that operates the coffee machine. And I can replace it with anything I want. I can add features, remove features, and even break built-in security measures. So, I can do whatever I want," he said in a video released by Avast.

In his demonstration, Hron displayed a ransom note through the coffee machine, locking the device and making it unusable unless a ransom was paid.

You can choose to turn off the device, but that means you won't be able to have coffee anymore.

(Avast/YouTube)

However, beyond displaying a ransom note, the coffee machine could also be used to perform more malicious actions, such as turning on heaters to create fire hazards or spraying boiling water to threaten victims.

More frighteningly, it could quietly become an entry point into the entire network, allowing hackers to monitor your bank account information, emails, or even cryptocurrency mnemonic phrases.

Hacking a Casino Fish Tank

One of the most famous cases occurred in 2017 when hackers infiltrated a connected fish tank in the lobby of a Las Vegas casino, transmitting 10GB of data.

The fish tank was equipped with sensors to regulate temperature, feed, and clean, which were connected to a computer on the casino's network. Hackers accessed other areas of the network through the fish tank and sent data to a remote server in Finland.

The fish tank might look like this.

(Muhammad Ayan Butt/ Unsplash)

Despite the casino deploying standard firewalls and antivirus software, the attack was still successful. Fortunately, the attack was quickly identified and addressed.

Darktrace CEO Nicole Eagan told the BBC at the time: "We stopped it immediately, and there was no damage." She also added that the growing number of internet-connected devices means "it's a hacker's paradise."

Door Sensors Can Also Secretly Mine

In 2020, during the global office shutdown due to the COVID-19 pandemic, cybersecurity firm Darktrace discovered a secret cryptocurrency mining incident—hackers used a server controlling biometric access to the office for illegal mining.

The incident was flagged when the server downloaded suspicious executable files from an external IP address that had never appeared on the network. Subsequently, the server connected multiple times to external endpoints associated with the privacy token Monero mining pool.

This type of attack is known as “cryptojacking”, and Microsoft's threat intelligence team discovered more such attacks in 2023, with hackers targeting Linux systems and connected smart devices.

Microsoft's investigation found that attackers would initiate attacks by brute-forcing internet-connected Linux and IoT devices. Once inside the network, they would install backdoor programs and then download and run cryptocurrency mining malware. This not only leads to skyrocketing electricity bills but also diverts all mining profits directly to the hacker's wallet.

Cases of cryptojacking are numerous, with one of the latest involving embedding cryptojacking code into a forged 404 HTML page.

Hacking Smart Devices: Destroying the Power Grid

Even more frightening, security researchers at Princeton University have proposed a hypothesis: if hackers could control enough high-energy devices, such as 210,000 air conditioners, and turn them on simultaneously, it could lead to a blackout affecting a population equivalent to California—about 38 million people.

(Unsplash)

These devices would need to be concentrated in a specific part of the power grid and turned on simultaneously to overload the current in certain power lines, damaging or triggering protective relays on the lines to shut down. This would shift the load to the remaining lines, further stressing the power grid and ultimately triggering a chain reaction.

However, this scenario would require precise malicious timing, as fluctuations in the power grid are common during special weather events (like heatwaves).

The Robot Vacuum is Watching You

Last year, robot vacuums in several locations across the U.S. suddenly began to activate on their own. It turned out that hackers had discovered a serious security vulnerability in a Chinese-made Ecovac robot vacuum.

Reports indicated that hackers could remotely control these devices to intimidate pets, shout obscenities at users through built-in speakers, and even use built-in cameras to spy on users' home environments.

An image from a hacked Ecovac robot vacuum showing a real-time view.

(ABC News)

“One serious issue with IoT devices is that many manufacturers still pay insufficient attention to security issues,” said cybersecurity company Kaspersky.

It is evident that if hackers gain access to video footage of you entering passwords or recording mnemonic phrases, the consequences could be dire.

How to Protect Yourself from Smart Device Hacking?

Looking around, you may find that almost all devices in your home are connected to the internet—robot vacuums, digital photo frames, doorbell cameras. So how can you secure your Bitcoin?

One option is to adopt the approach of professional hacker Joe Grand: completely avoid using any smart devices.

“My phone is the smartest device in my home, but even then, I’m reluctant to use it, only for navigation and communicating with family,” he once told Magazine, “but smart devices? Absolutely not.”

Hron from Avast suggests that the best way is to ensure that passwords are set for smart devices and to avoid using default settings.

Other experts recommend using a separate guest network for IoT devices, especially those that do not need to share a network with computers and phones; disconnecting devices when not in use; and keeping software updated in a timely manner.

Additionally, there is a networked fee-based search engine that can help users check for connected devices in their homes and any potential vulnerabilities.

免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。

Share To

Related Articles

avatar
avatarPANews
9 minutes ago
Is the September decline actually a golden pit? Historical data reveals: all five major bull markets of Bitcoin started in October.
avatar
avatarCoin Gabbar
28 minutes ago
Cathie Wood Bitcoin Outlook Gain Strength Amid Market Predictions
avatar
avatarPANews
38 minutes ago
Weekly Preview | FTX conducts third bankruptcy distribution, paying an additional $1.6 billion to creditors; Starknet will launch BTC staking feature on the mainnet.
avatar
avatarOdaily星球日报
1 hour ago
Conference Guide: TOKEN2049 Singapore 2025
avatar
avatarPANews
1 hour ago
The bull market is far from over? The current pullback is indeed healthy, and various indicators have not yet reached their peak.
APP

X

Telegram

Facebook

Reddit

CopyLink