“Alexa, what’s the weather” has become a routine phrase heard in many homes today. The importance of being able to control devices remotely through voice commands, mobile devices, and computers, has become a common feature of convenience for consumers.
While the ease of connectivity among devices is attractive to consumers, a vulnerability or compromise of one device could impact all. By penetrating an IoT device, a threat actor could then focus on the network, target the router, and discover additional and possibly more important devices to compromise, including computers that may interact with corporate networks.
This report investigates the malicious activity and discussions on the underground surrounding some of these devices, including hacking tools for acquiring password and login information for trolling purposes, as well as the risks associated with IoT devices.