IoT Hall-of-Shame

A collage of various devices that not only can be hacked, but already have been.

Devices that have been hacked

Welcome to the IoT Hall-of-Shame
With the rise of internet enabled devices in the Internet of Things or IoT the need for software security is becoming even more important. Unfortunately many device makers seem to put security on the back burner or not even understand the basics of cybersecurity. Some call it the Internet of Evil Things.

I am maintaining here a list of known hacks for “things” (Iot, IIoT, SCADA, ICS) based on the date that the hack was published. Please assist – if you’re aware of additional “thing”-hacks please let me know in the comments at the bottom of the page or on Twitter.

2018 Incidents
Previous: 2017201620152014201320122011
201020092008

BMW cars with internet connection 2018-06
electronic collar dog in front of white background Pet tracker 2018-05
Industrial switches (patch available) 2018-05

Router with fiber optic cables

 Fiber routers (GPON routers) 2018-05
2018 VW Volkswagen Golf in Blue

2018 VW Golf

 Volkswagen cars (Golf GTE and Audi A3) 2018-05

X-ray machine

 X-ray machines 2018-04

electronic door lock

 VingCard electronic lock 2018-04
POS Terminal with credit card isolated on a white background POS terminal card readers 2018-03
mobile camera lens on black background Hanwha SmartCam security cameras 2018-03
Smart home hubs 2018-02
Brown electric guitar amplifier isolated on white background Fender guitar amp 2018-02
Artificial cardiac pacemaker, 3D rendering isolated on white background Pacemakers and IDCs (again, or is it still?) 2018-02

Smart electric meter

 Smart meters 2018-02
hands holding Sex Toys card isolated on white Sex toys from Amor Gummiwaren 2018-02
Western digital MyCloud drives 2018-02
Dell Vmax storage 2018-02
ZyXEL modem 2018-02
Siemens TeleControl 2018-02
Stack of Cisco networking hardware Cisco security appliances (apply your patches now!) 2018-02
Amazon key door lock (again) 2018-02
key panel fake cover over real ATM key panel

Credit card skimmer

 credit card readers 2018-02
MRI and CT scanners 2018-02
baby monitor camera on hand in front of sleeping baby Mi-Cam baby monitor 2018-02
Curved TV with smart apps on screen Roku-based smart TVs 2018-02

Sony camera firmware 2018-02
Oracle POS 2018-01
mobile phone app, gym equipment: yoga mat, blue dumbbells, bottle of water and measuring tape isolated on white Strava fitness app 2018-01

ATM

 ATM machines (again) 2018-01
Lenovo fingerprint scanners 2018-01
Woman hand swiping credit card at gas pump station. Gas pumps 2018-01
Schneider Electric Triconex 2018-01

Network switch and UTP ethernet cables

 Lenovo switches (fixed) 2018-01
industrial control sysstems (scada) (via apps) 2018-01
industrial ethernet switches 2018-01
Western Digital “MyCloud” NAS drives (vendor backdoor) 2018-01
GPS trackers (via online APIs) 2018-01


2017 Incidents

wireless speakers (Sonos and Bose) 2017-12
Furby toy 2017-12
Rockwell FactoryTalk software (patch now) 2017-12

Gun Safety Using Gun Safe

 electronic handgun safe 2017-12

inputing passwords on an electronic door lock

 keyless entry lock 2017-12
Huawei router 2017-12
Lexmark printers 2017-12
Office heating systems 2017-12

Digital pen

 Smart pen (in hospital) 2017-12
Mercedes car keys 2017-11
OnePlus phone (vendor backdoor) 2017-11
Amazon Key 2017-11

CPU processor

 Intel Chip 2017-11
DJI Drone (attacking security researchers) 2017-11
Foscam security cameras (again) 2017-11
Boeing 757 (remote access) 2017-11
Subaru key fob 2017-11
hands holding Sex Toys card isolated on white Lovense vibrator (via phone app) 2017-11
Logitech Harmony (vendor bricked) 2017-11
Brother printers 2017-11
Circle with Disney parental control system 2017-10
LG SmartQ appliances 2017-10
Hikvision cameras 2017-10
FLIR thermal cameras 2017-10
Siemens smart meters 2017-10
Brother printers 2017-10
IP camera (creepy story!) 2017-10
hands holding Sex Toys card isolated on white Sex toys 2017-10
Electronic road sign (again) 2017-09
Smarthome hubs 2017-09
FitBit (again) 2017-09
Netgear routers 2017-09
Electronic road sign (again) 2017-09
D-Link wireless routers 2017-09
Syringe Infusion Pump (from Smith Medical) 2017-09
home modems (from Arris, distributed through AT&T) 2017-08
refrigerator and smart phone app to control it Smart refrigerators (used for botnet) 2017-08

3d rendering point of sale system for store management

 SAP POS systems 2017-08

Network switch and UTP ethernet cables

 Network switches (via Cisco IOS) 2017-08
Pleasant big robot holding cup of coffee while looking aside Home robots (various models) 2017-08
Repairman cleaning smartphone screen

Repairman cleaning smartphone screen

 Smartphone (via replacement screen) 2017-08
LockState smart door locks (bricked by ota update) 2017-08
blue network router showing ports to plugin cables Juniper routers and switches 2017-08
Solar panels 2017-08
Ship GPS 2017-08
Shenzhen Neo security cameras 2017-08

Close up photo of the car electrical system

 Automotive CAN BUS 2017-08
Car TCUs (various models) 2017-08
3D rendered molecule Siemens medical scanners 2017-08
city billboard 2017-08
Radiation Portal Monitors 2017-08
Coffee maker (used to infect factory) 2017-07
row of printers on an office shelf Networked printers 2017-07

ATM

 Diebold ATM 2017-07
Car GPS 2017-07
red tesla model s electric car Tesla Model S (GPS) 2017-07
smart gun 2017-07
IP cameras 2017-07
office security badge being swiped office security badge 2017-07
Grey car during washing process Car wash 2017-07

2008 touch screen voting machine equipped for blind, deaf, wheelchair and other disabilities. Used in Florida and other states.

 USA voting machines 2017-07
Woman hand swiping credit card at gas pump station. Gas pump card reader 2017-07
Tesla Model X (remote takeover) 2017-07
IV pump 2017-07
e-cigarette (japanese) 2017-07

goldfish jumping to new tank

 fish tank (network access) 2017-07
red tesla model s electric car Tesla (again) 2017-07

red hoverboard or self-balancing scooter

 Hoverboards 2017-07
home alarm system 2017-07
Humax WiFi router 2017-07
CIA in-house vending machines 2017-06
Virgin Media router 2017-06
CloudsPets stuffed cat 2017-06
WiMAX routers (various) 2017-06
Foscam security cameras many models 2017-06
SD-WAN routers (fixed) 2017-06
Digital signage in Union Station 2017-05
Rockwell PLC 2017-05
Insulin pump from Animas 2017-05
Digital billboard 2017-05
Pacemaker ecosystem 2017-05
OnePlus phones 2017-05
Hikvision IP camera 2017-05
travel router 2017-04

Smart electric meter

 Smart electricity meters 2017-04
Hyundai cars with blue link 2017-04
Linksys routers (20 models) 2017-04
Bosch OBD-II car dongle 2017-04
AGA Oven 2017-04
Home routers (turn off external config access) 2017-04
Cisco access points 2017-04
Cellular modem TP-LINK 2017-04

By Leif Skoogfors (This image is from the FEMA Photo Library.) [Public domain], via Wikimedia Commons

 City Sirens 2017-04
Garage door via it’s vendor 2017-04
Smartphones and tablets via Broadcom WiFi chips 2017-04
Schneider Electric Modicon controller 2017-04
Siime Eye vibrator 2017-04
Siemens PLC 2017-03
Most Smart TVs 2017-03
Dishwasher 2017-03
Google Nest Cam 2017-03
FitBit and others 2017-03
Telepresence robots 2017-03
Dahua CCTV, IP Camera, DVR 2017-03
WD network drive 2017-03
ACTi Cameras 2017-03
Dbltek GoIP (voip) 2017-03
robotic arm for a factory Factory robots 2017-03
Teddy bear 2017-02
Smart coffee maker 2017-02
Cayla Doll 2017-02
Medical devices 2017-02
Public USB chargers (again) 2017-02
Android car apps 2017-02
Slot machines 2017-02
Vizio smart TV spyware – not hack 2017-02
ATM machines via memory malware 2017-02
Vending machines 2017-02
Honeywell Scada Controller 2017-02
Cisco Prime Home 2017-02
Hotel door locks 2017-01
row of printers on an office shelf Printers various brands 2017-01
St Jude Medical Cardiac devices again (or still) 2017-01
Samsung Galaxy phones 2017-01
Netgear routers 2017-01
Network DVR 2017-01

ATM

 ATM machines 2017-01
Cisco TelePresence MCU 2017-01
USB charger 2017-01
iPhone running iOS 10 2017-01
Samsung SmartCam 2017-01
Juniper SRX firewalls 2017-01
D-Link routers & IP cameras 2017-01
LG Smart TV 2017-01


2016 Incidents

medical heart pacemaker implant Various medical devices 2016-12
Siemens automation products 2016-12
iPhone via iMessage 2016-12
Various wireless routers 2016-12
airline inflight entertainment 2016-12
NAS drive 2016-12
Solar power meter 2016-12
Netgear routers R6400 and R7000 2016-12
Sony IP security cameras 2016-12
GPS mobile devices 2016-12
AirDroid AirDroid android remote mgmt 2016-12
red tesla model s electric car Tesla Model S (smartphone app) 2016-11
Belkin switches 2016-11
Siemens IP camera

Siemens IP camera

 Siemens CCTV camera 2016-11
Smart light bulb

Smart light bulb

 Philips Hue smart bulbs 2016-11
iPhone 6 iPhone 2016-11
iOS iOS via bad video 2016-11
LG G4 android smartphone Android phones 2016-11
CA Infrastructure Management Performance Center CA Unified Infrastructure Manager 2016-11
Google Pixel Google Pixel smartphone 2016-11
WeMo smart switch overview WeMo switches via Android app 2016-11
3d printer generic dreamstime_m_37892325 Drone via 3D printer 2016-10
Cisco VOIP phone

Cisco VOIP phone

 VOIP – internet phones 2016-10
Google Nexus 6p Google Nexus 6p phone 2016-10
Cisco Nexus 7000 Switch Cisco switches 2016-10
Motion sensor Security systems 2016-10
Nextbit Robin Android smartphones built by Foxconn 2016-10
iOS iOS devices 2016-10
St Jude Medical Pacemaker Pacemaker 2016-10
sony security camera Security camera 2016-10
smart thermostat with various temperature displays HVAC – environment control systems 2016-10
DVR DVR 2016-10
Cisco IronPort email security appliance Cisco email appliance (again) 2016-10
Schneider industrial firewall Industrial firewall 2016-10
Defibrillator implant Heart implant device 2016-10
Lexmark cs725 printer Lexmark printer software 2016-10
speeding camera Traffic cameras 2016-10
Dell SonicWall Email Security Appliance Email Security Appliance 2016-10
Animas OneTouch Insulin Pump Insulin pump 2016-10
red tesla model s electric car Tesla Model S (remote control) 2016-09
Sony Infotainment Auto infotainment system 2016-09
USB malware product

USB malware product

 USB Killer 2016-09
D-Link DWR-932 B mobile router D-Link DWR-932 B mobile router 2016-09
Cisco IronPort email security appliance Cisco email security appliances 2016-09
red tesla model s electric car Tesla Model S 2016-09
red tesla model s electric car Tesla Model S (security system) 2016-08
Credit card with chip Credit card chip 2016-08
White Jeep Wrangler vehicle

Jeep Wrangler

 Jeep 2016-08
ATM keypad PIN pads 2016-08
android smartphone Android smartphones 2016-08
ATM

ATM

 ATM (windows-based) 2016-08
iPhone 6 iPhone 2016-08
Moxa network device Moxa serial servers and IP gateways 2016-08
electric smart plug Internet connected plug 2016-08
web camera Web camera 2016-08
Electronic Safe Electronic safe 2016-08
Kiwkset bluetooth smart lock Bluetooth smart locks 2016-08
We-vibe vibrator We-Vibe vibrator 2016-08
Volkswagen Scirocco 2011 Volkswagen VW cars 2016-08
smart thermostat Smart thermostat ransomware 2016-08
White Jeep Wrangler vehicle

Jeep Wrangler

 Jeep 2016-08
Microsoft wireless keyboard

Microsoft wireless keyboard

 Wireless keyboards 2016-07
iPhone 6 iPhone and other Apple Devices 2016-07
kettle and smartphone

Smart-kettle

 Tea Kettle giving access to secure network 2016-07
Riverbed network appliance Riverbed network appliances 2016-06
Mitsubishi Outlander PHEV Mitsubishi Outlander PHEV SUV 2016-06
D-Link mydlink router D-Link mydlink devices 2016-06
Netgear router WNDR3400 Netgear routers 2016-06
D-Link WiFi camera DCS-930L D-Link WiFi camera 2016-06
Cisco RV wireless router Cisco RV wireless router 2016-06
parking lot camera security cameras 2016-06
Pictures of cooling towers and steam at nuclear power plant Nuclear Power Plant 2016-06
Samsung SmartThings Samsung SmartThings 2016-05
ESC 8832 data controller ICS data controller used in power plants 2016-05
CCTV camera

CCTV camera

 CCTV BotNet 2016-05
LG G4 android smartphone LG Smartphones 2016-05
MEDHOST medical software MEDHOST software 2016-05
Samsung Smart TV Smart TV cameras 2016-05
electronic road sign Electronic road sign 2016-05
iPhone 6 iOS devices iPhone iPad via Sandjacking 2016-05
USB charger USB phone charger 2016-05
Ring smart doorbell Smart doorbell 2016-05
POS cardreader

POS cardreader

 Windows based POS systems 2016-05
android smartphone ARM based android devices 2016-05
android smartphone Android phones via SMS 2016-05
Samsung smart door lock Smart door lock 2016-05
MUZO Cobblestone WiFi audio receiver WiFi audio receiver 2016-04
vibrator motor from htc one m8 Vibrator 2016-04
ATM instant teller ATM machines 2016-04
Microsoft wireless mouse Wireless mouse (MouseJack) 2016-04
traffic light sensor Traffic sensor 2016-04
cell tower Cellular signalling 2016-04
Quanta router Quanta router 2016-04
sony security camera Security cameras 2016-04
Surfboard SB6141 Modem Surfboard Modem 2016-04
HID door controller HID door controllers 2016-04
Stack of Cisco networking hardware Cisco FirePower Firewall 2016-04
wireless mouse and dongle wireless mouse 2016-04
CCTV camera

CCTV camera

 Surveillance cameras 2016-03
car key remote Car key remote 2016-03
USB drive USB trojan 2016-03
row of printers on an office shelf college internet-enabled printers 2016-03
usb modem Mobile modems 2016-03
android green robot icon with stagefright written on it Android devices – new stagefright 2016-03
rs232 serial port on ethernet device serial servers 2016-03
black cable router Optus cable router 2016-03
smartphone fingerprint reader Smartphone fingerprint reader via inkjet printer 2016-03
smart light switch smart light switch 2016-03
android smartphone Many android devices 2016-03
iPhone 6 iPhone and iPad 2016-03
Magnetic Near-Field probe Android and iOS phones 2016-03
3d printer generic dreamstime_m_37892325 3D printers 2016-03
U8 smart watch U8 smart watch 2016-03
police drone Police drone 2016-03
HP wireless printer Envy 7640 Wireless printers 2016-02
smartphone fingerprint Smartphone fingerprint scanners via clay digit 2016-02
Nissan Leaf Nissan Leaf electric car 2016-02
Logitech wireless mouse Wireless mice and keyboards 2016-02
car volvo Volvo cars 2016-02
Bluecar electric car Bluecar electric car 2016-02
DVR DVR 2016-02
SimpliSafe smart alarm SimpliSafe smart alarm 2016-02
smart thermostat with various temperature displays Trane thermostat 2016-02
GPS satellite floating above the blue earth in the background. GPS satellite 2016-02
Smart bear toy Fisher-Price smart bear 2016-02
US Customs and Border Patrol drone US Border Patrol drone 2016-01
Ring smart doorbell Ring smart doorbell 2016-01
Foscam baby monitor

Foscam baby monitor

 Foscam baby monitor 2016-01


2015 Incidents

Barbie doll

Barbie doll

 Barbie doll 2015-12
ATM cash machine ATM cash machine 2015-11
MobiGo toy from VTech

MobiGo toy from VTech

 MobiGo toy 2015-11
POS cardreader

POS cardreader

 POS Point-of-sale systems 2015-11
HP wireless printer Envy 7640 WiFi office printer via drone 2015-10
airbag after crash

airbag after crash

 Auto airbags 2015-10
Fitbit bracelet

Fitbit courtesy of USCPSC – CC 2.0

 Fitbit fitness bracelet 2015-10
CCTV camera

CCTV camera

 CCTV cameras – various models 2015-10
kettle and smartphone

Smart-kettle

 kettles 2015-10
Car LIDAR (Radar) 2015-09
istan medical mannequin Pacemaker on iStan medical robot 2015-09
Progressive Insurance Snapshot Car Insurance Tracking device 2015-08
car phone bluetooth sync Car bluetooth – The Car Whisperer 2015-08
Tesla model S Tesla Model S car 2015-08
WiFi enabled oven Wifi oven – leading to electrical grid 2015-08
Corvette Corvette brakes 2015-08
Parrot AR drone Parrot AR drone 2015-08
map displayed on dashboard GPS unit Car GPS 2015-08
Pancreas X-ray Artificial pancreas 2015-08
car remote car remote key 2015-08
Samsung smart refrigerator

Samsung smart refrigerator

 Samsung smart refrigerator 2015-08
linux powered rifle Linux-powered rifle 2015-07
GM OnStar buttons GM OnStar via app 2015-07
Ford Escape Ford Escape 2010 2015-07
Smartwatch

Smartwatch

 Smartwatches – various 2015-07
White Jeep Wrangler vehicle

Jeep Wrangler

 Car – Jeep 2015-07
Silver Toyota Prius Hybrid Car on angle Toyota Prius 2010 2015-07
Brinks safe

Brinks safe

 Safe 2015-07
Brain implant Brain implant 2015-06
ASUS router ASUS home routers 2015-04
Hospira LifeCare PCA pump Hospira LifeCare PCA drug infusion pump 2015-04
USB-C port on Apple MAC computer

USB-C port

 USB-C port on Apple MAC computers 2015-04
Cisco VOIP phone

Cisco VOIP phone

 Cisco VOIP phones 2015-03
Blu-ray Disc

Blu-ray Disc

 Blu-Ray discs 2015-03
ATM

ATM

 ATM 2015-02
Samsung Smart TV

Samsung Smart TV

 Samsung Smart TV 2015-02
gas station

gas station

 Gas station tank gauges 2015-01
Microsoft wireless keyboard

Microsoft wireless keyboard

 Security Sidebar: Hacking Wireless Keyboards 2015-01
ATM instant teller ATM via metal card 2015-01


2014 Incidents

USB microcontroller on chain

USB micro-controller

 USB port on Apple MAC computers 2014-12
ATM keypad ATM machine 2014-11
key panel fake cover over real ATM key panel

Credit card skimmer

 Credit card readers – skimmers on ATMs and gas pumps 2014-10
Canon Pixma printer

Canon Pixma printer

 Canon Pixma printer 2014-09
Traffic light

Traffic light

 traffic lights 2014-08
Nest thermostat

Nest thermostat

 Thermostat – Nest 2014-08
LIFX smart lightbulb

LIFX smart lightbulb

 Light bulb – LIFX 2014-07
HbbTV enabled television HbbTV enabled TV 2014-06
DEKA cyborg/mechanical arm DEKA Cyborg mechanical arm 2014-06
road sign that was hacked, now warning of zombies ahead.

Hacked road sign

 Road signs 2014-06
hospital equipment iot">Hospital equipment (various) 2014-04
ASUS router ASUS home routers 2014-02
Estimote bluetooth advertising beacon 2014-01
SD card

SD card

 SD cards 2014-01


2013 Incidents

Parrot AR drone Consumer drones via SkyJack 2013-12
baby monitor and smartphone app

Belkin baby monitor and smartphone app

 Belkin baby monitors 2013-10
Philips Hue smart lightbulb Philips Hue light bulbs 2013-08
Satis smart toilet Satis Smart Toilet 2013-08
Insteon smart home hub Insteon smart home hub 2013-07
medical devices 300 medical devices 2013-06
Smart electric meter

Smart electric meter

 Electricity smart meters 2013-06
Canon 1DX camera Canon camera 2013-03
SpaceLabs ICS-Xprezz SpaceLabs patient monitoring app 2013-01


2012 Incidents

pacemaker x-ray

pacemaker x-ray

 pacemakers (and other medical devices) 2012-12
DSL modem DLS modems 2012-10


2011 Incidents

smart thermostat Thermostat (US Chamber of Commerce) 2011-12
HP laserjet printer Printer (US Chamber of Commerce) 2011-12
hp printer with paper coming out

HP printer

 HP printers 2011-12
HP laserjet printer HP LaserJet printers 2011-11
water treatment plant Water treatment plant 2011-11
waste water treatment pipe

waste water treatment pipe

 sewage treatment plant 2011-11
Bottle of insulin and small blue handheld insulin pump Medtronic wireless insulin pump 2011-10
Car CD player Car CD players 2011-03


2010 Incidents

Tire pressure monitoring system - TPMS sensor Tire pressure monitoring systems – TPMS 2010-08
ATM spitting cash ATM machine 2010-07


2009 Incidents

2009 Chevy Impala dash

2009 Chevy Impala dash

 OnStar – 2009 Chevrolet Impala
video		 2009 discovered
2015 fixed


2008 Incidents

Home router Home routers 2008-06
Defibrillator implant Heart devices – defibrillators and pacemakers 2008-03

For more security info check out the security resources page and a few of these books can help.
Embedded Systems Security: Practical Methods for Safe and Secure Software and Systems Development,

Platform Embedded Security Technology Revealed: Safeguarding the Future of Computing with Intel Embedded Security and Management Engine,

Software Test Attacks to Break Mobile and Embedded Devices (Chapman & Hall/CRC Innovations in Software Engineering and Software Development Series)