
Devices that have been hacked
Welcome to the IoT Hall-of-Shame
With the rise of internet enabled devices in the Internet of Things or IoT the need for software security is becoming even more important. Unfortunately many device makers seem to put security on the back burner or not even understand the basics of cybersecurity. Some call it the Internet of Evil Things.
I am maintaining here a list of known hacks for “things” (Iot, IIoT, SCADA, ICS) based on the date that the hack was published. Please assist – if you’re aware of additional “thing”-hacks please let me know in the comments at the bottom of the page or on Twitter.
Previous years: 2018 –
2017 – 2016 – 2015 – 2014 – 2013 – 2012 – 2011
2010 – 2009 – 2008
![]() |
Ubiquiti network devices | 2019-02 |
![]() |
Electric scooter | 2019-02 |
![]() |
Nest camera | 2019-02 |
![]() ATM |
ATM machines | 2019-02 |
![]() |
Video conferencing devices | 2019-02 |
![]() |
Smart watch for children | 2019-02 |
![]() LIFX smart lightbulb |
LIFX smart light bulb | 2019-02 |
![]() |
NEST security camera and thermostat | 2019-02 |
![]() |
NEST security camera | 2019-01 |
![]() |
Cranes | 2019-01 |
![]() |
Chromecast | 2019-01 |
![]() |
Smart TVs | 2019-01 |
![]() |
wireless speakers (Sonos and Bose) | 2017-12 |
![]() |
Furby toy | 2017-12 |
![]() |
Rockwell FactoryTalk software (patch now) | 2017-12 |
![]() Gun Safety Using Gun Safe |
electronic handgun safe | 2017-12 |
![]() inputing passwords on an electronic door lock |
keyless entry lock | 2017-12 |
![]() |
Huawei router | 2017-12 |
![]() |
Lexmark printers | 2017-12 |
![]() |
Office heating systems | 2017-12 |
![]() Digital pen |
Smart pen (in hospital) | 2017-12 |
![]() |
Mercedes car keys | 2017-11 |
![]() |
OnePlus phone (vendor backdoor) | 2017-11 |
![]() |
Amazon Key | 2017-11 |
![]() CPU processor |
Intel Chip | 2017-11 |
![]() |
DJI Drone (attacking security researchers) | 2017-11 |
![]() |
Foscam security cameras (again) | 2017-11 |
![]() |
Boeing 757 (remote access) | 2017-11 |
![]() |
Subaru key fob | 2017-11 |
![]() |
Lovense vibrator (via phone app) | 2017-11 |
![]() |
Logitech Harmony (vendor bricked) | 2017-11 |
![]() |
Brother printers | 2017-11 |
![]() |
Circle with Disney parental control system | 2017-10 |
![]() |
LG SmartQ appliances | 2017-10 |
![]() |
Hikvision cameras | 2017-10 |
![]() |
FLIR thermal cameras | 2017-10 |
![]() |
Siemens smart meters | 2017-10 |
![]() |
Brother printers | 2017-10 |
![]() |
IP camera (creepy story!) | 2017-10 |
![]() |
Sex toys | 2017-10 |
![]() |
Electronic road sign (again) | 2017-09 |
![]() |
Smarthome hubs | 2017-09 |
![]() |
FitBit (again) | 2017-09 |
![]() |
Netgear routers | 2017-09 |
![]() |
Electronic road sign (again) | 2017-09 |
![]() |
D-Link wireless routers | 2017-09 |
![]() |
Syringe Infusion Pump (from Smith Medical) | 2017-09 |
![]() |
home modems (from Arris, distributed through AT&T) | 2017-08 |
![]() |
Smart refrigerators (used for botnet) | 2017-08 |
![]() 3d rendering point of sale system for store management |
SAP POS systems | 2017-08 |
![]() Network switch and UTP ethernet cables |
Network switches (via Cisco IOS) | 2017-08 |
![]() |
Home robots (various models) | 2017-08 |
![]() Repairman cleaning smartphone screen |
Smartphone (via replacement screen) | 2017-08 |
![]() |
LockState smart door locks (bricked by ota update) | 2017-08 |
![]() |
Juniper routers and switches | 2017-08 |
![]() |
Solar panels | 2017-08 |
![]() |
Ship GPS | 2017-08 |
![]() |
Shenzhen Neo security cameras | 2017-08 |
![]() Close up photo of the car electrical system |
Automotive CAN BUS | 2017-08 |
![]() |
Car TCUs (various models) | 2017-08 |
![]() |
Siemens medical scanners | 2017-08 |
![]() |
city billboard | 2017-08 |
![]() |
Radiation Portal Monitors | 2017-08 |
![]() |
Coffee maker (used to infect factory) | 2017-07 |
![]() |
Networked printers | 2017-07 |
![]() ATM |
Diebold ATM | 2017-07 |
![]() |
Car GPS | 2017-07 |
![]() |
Tesla Model S (GPS) | 2017-07 |
![]() |
smart gun | 2017-07 |
![]() |
IP cameras | 2017-07 |
![]() |
office security badge | 2017-07 |
![]() |
Car wash | 2017-07 |
![]() 2008 touch screen voting machine equipped for blind, deaf, wheelchair and other disabilities. Used in Florida and other states. |
USA voting machines | 2017-07 |
![]() |
Gas pump card reader | 2017-07 |
![]() |
Tesla Model X (remote takeover) | 2017-07 |
![]() |
IV pump | 2017-07 |
![]() |
e-cigarette (japanese) | 2017-07 |
![]() goldfish jumping to new tank |
fish tank (network access) | 2017-07 |
![]() |
Tesla (again) | 2017-07 |
![]() red hoverboard or self-balancing scooter |
Hoverboards | 2017-07 |
![]() |
home alarm system | 2017-07 |
![]() |
Humax WiFi router | 2017-07 |
![]() |
CIA in-house vending machines | 2017-06 |
![]() |
Virgin Media router | 2017-06 |
![]() |
CloudsPets stuffed cat | 2017-06 |
![]() |
WiMAX routers (various) | 2017-06 |
![]() |
Foscam security cameras many models | 2017-06 |
![]() |
SD-WAN routers (fixed) | 2017-06 |
![]() |
Digital signage in Union Station | 2017-05 |
![]() |
Rockwell PLC | 2017-05 |
![]() |
Insulin pump from Animas | 2017-05 |
![]() |
Digital billboard | 2017-05 |
![]() |
Pacemaker ecosystem | 2017-05 |
![]() |
OnePlus phones | 2017-05 |
![]() |
Hikvision IP camera | 2017-05 |
![]() |
travel router | 2017-04 |
![]() Smart electric meter |
Smart electricity meters | 2017-04 |
![]() |
Hyundai cars with blue link | 2017-04 |
![]() |
Linksys routers (20 models) | 2017-04 |
![]() |
Bosch OBD-II car dongle | 2017-04 |
![]() |
AGA Oven | 2017-04 |
![]() |
Home routers (turn off external config access) | 2017-04 |
![]() |
Cisco access points | 2017-04 |
![]() |
Cellular modem TP-LINK | 2017-04 |
![]() By Leif Skoogfors (This image is from the FEMA Photo Library.) [Public domain], via Wikimedia Commons |
City Sirens | 2017-04 |
![]() |
Garage door via it’s vendor | 2017-04 |
![]() |
Smartphones and tablets via Broadcom WiFi chips | 2017-04 |
![]() |
Schneider Electric Modicon controller | 2017-04 |
![]() |
Siime Eye vibrator | 2017-04 |
![]() |
Siemens PLC | 2017-03 |
![]() |
Most Smart TVs | 2017-03 |
![]() |
Dishwasher | 2017-03 |
![]() |
Google Nest Cam | 2017-03 |
![]() |
FitBit and others | 2017-03 |
![]() |
Telepresence robots | 2017-03 |
![]() |
Dahua CCTV, IP Camera, DVR | 2017-03 |
![]() |
WD network drive | 2017-03 |
![]() |
ACTi Cameras | 2017-03 |
![]() |
Dbltek GoIP (voip) | 2017-03 |
![]() |
Factory robots | 2017-03 |
![]() |
Teddy bear | 2017-02 |
![]() |
Smart coffee maker | 2017-02 |
![]() |
Cayla Doll | 2017-02 |
![]() |
Medical devices | 2017-02 |
![]() |
Public USB chargers (again) | 2017-02 |
![]() |
Android car apps | 2017-02 |
![]() |
Slot machines | 2017-02 |
![]() |
Vizio smart TV spyware – not hack | 2017-02 |
![]() |
ATM machines via memory malware | 2017-02 |
![]() |
Vending machines | 2017-02 |
![]() |
Honeywell Scada Controller | 2017-02 |
![]() |
Cisco Prime Home | 2017-02 |
![]() |
Hotel door locks | 2017-01 |
![]() |
Printers various brands | 2017-01 |
![]() |
St Jude Medical Cardiac devices again (or still) | 2017-01 |
![]() |
Samsung Galaxy phones | 2017-01 |
![]() |
Netgear routers | 2017-01 |
![]() |
Network DVR | 2017-01 |
ATM machines | 2017-01 | |
![]() |
Cisco TelePresence MCU | 2017-01 |
![]() |
USB charger | 2017-01 |
![]() |
iPhone running iOS 10 | 2017-01 |
![]() |
Samsung SmartCam | 2017-01 |
![]() |
Juniper SRX firewalls | 2017-01 |
![]() |
D-Link routers & IP cameras | 2017-01 |
![]() |
LG Smart TV | 2017-01 |
USB port on Apple MAC computers | 2014-12 | |
![]() |
ATM machine | 2014-11 |
Credit card readers – skimmers on ATMs and gas pumps | 2014-10 | |
![]() Canon Pixma printer |
Canon Pixma printer | 2014-09 |
![]() Traffic light |
traffic lights | 2014-08 |
Thermostat – Nest | 2014-08 | |
Light bulb – LIFX | 2014-07 | |
![]() |
HbbTV enabled TV | 2014-06 |
![]() |
DEKA Cyborg mechanical arm | 2014-06 |
Road signs | 2014-06 | |
![]() |
Hospital equipment (various) | 2014-04 |
![]() |
ASUS home routers | 2014-02 |
![]() |
Estimote bluetooth advertising beacon | 2014-01 |
SD cards | 2014-01 |
![]() |
Consumer drones via SkyJack | 2013-12 |
Belkin baby monitors | 2013-10 | |
![]() |
Philips Hue light bulbs | 2013-08 |
![]() |
Satis Smart Toilet | 2013-08 |
![]() |
Insteon smart home hub | 2013-07 |
![]() |
300 medical devices | 2013-06 |
Electricity smart meters | 2013-06 | |
![]() |
Canon camera | 2013-03 |
![]() |
SpaceLabs patient monitoring app | 2013-01 |
![]() pacemaker x-ray |
pacemakers (and other medical devices) | 2012-12 |
![]() |
DLS modems | 2012-10 |
![]() |
Thermostat (US Chamber of Commerce) | 2011-12 |
![]() |
Printer (US Chamber of Commerce) | 2011-12 |
HP printers | 2011-12 | |
![]() |
HP LaserJet printers | 2011-11 |
![]() |
Water treatment plant | 2011-11 |
![]() waste water treatment pipe |
sewage treatment plant | 2011-11 |
![]() |
Medtronic wireless insulin pump | 2011-10 |
![]() |
Car CD players | 2011-03 |
![]() |
Tire pressure monitoring systems – TPMS | 2010-08 |
![]() |
ATM machine | 2010-07 |
![]() 2009 Chevy Impala dash |
OnStar – 2009 Chevrolet Impala video |
2009 discovered 2015 fixed |
![]() |
Home routers | 2008-06 |
![]() |
Heart devices – defibrillators and pacemakers | 2008-03 |
For more security info check out the security resources page and a few of these books can help.
Embedded Systems Security: Practical Methods for Safe and Secure Software and Systems Development,