Abusing the Internet of Things

speech-recognition technologies, 234-238
spoofing alerts, 162-163
SQL injection vulnerability, 221
sslstrip tool, 150-152
static passwords, 239
(see also password security)
Stefopoulos, Periklis, 154
superintelligence, 247-248

T
targeted ads, 244
tcpdump infusion, 154
telematics vulnerabilities, 167-168
television (see smart TVs)
temporary key (TK), 50
terrorist threats, 218
Tesla, 170
autopilot/autonomous car technology, 185-187
IP-based architecture risks, 183-185
malicious attack potential, 176-177
malware threats, 177
Open VPN protocol use, 183
password security, 174-177
security of customer data, 178-179
session token storage risk, 181
social engineering threats, 178-179
Tesla Model S API project, 176
third-party app risks, 179-181
website vandalization, 222-226
text message spoofing, 101-103
The Interview (film), 219
thingbots, 219, 231-232
threat agents, 216-228
criminal organizations, 218
cyberbullies, 226-227
defined, 216
employees as, 219-221
future (see future threats)
hacktivists, 221-222
nation states, 217
NSA (National Security Agency), 217
predators, 227
terrorists, 218
vandals, 222-226
tire pressure monitoring system (TPMS), 158-163,
187
architecture of, 159
eavesdropping and privacy implications, 161
reversing communication, 159-161
spoofing alerts, 162-163

TOCTTOU (Time-of-Check-to-Time-of-Use)

attack, 123-129

TOKEN values, 24

TPMS (see tire pressure monitoring system)

Transport Layer Security (TLS), 100

Transportation Recall Enhancement, Accountabil-

ity and Documentation (TREAD) act, 158

Trusted Computing Group (CTG), 216

Trusted Platform Module (TPM) standard, 216

Twitter account hacking, 222-225

U

UART (Universal Asynchronous Receiver Trans-

mitter) chips, 213

Ubertooth, 47

Universal Plug and Play protocol (UPnP), 70

unmanned aerial vehicles (UAVs), 232-233

URL schemes, 24

User Datagram Protocol (UDP), 66-66

V

Valasek, Chris, 163, 166-169

vandals, 222-226

vehicle-to-infrastructure (V2I) communications,

186

vehicle-to-vehicle (V2V) communications, 186

W

WeMo baby monitor, 68-84, 106

app discovery and connection to monitor,

70-75

malware issues, 76

WiFi password vulnerabilities, 75-76

WeMo Switch, 78-83, 106, 113-118

whitelist tokens, 30

widgets, 142

WiFi Pineapple Mark V, 146-154

WiFi security vulnerabilities at prototyping stage,

205-210

WikiLeaks, 221

wireless connectivity, in connected cars, 163-170

Bluetooth vulnerabilities, 166-167

injecting CAN data, 164

significant attack surface, 169-170

telematics vulnerabilities, 167-168

wireless lightbulbs (see hue lighting system)

Wireshark network sniffer, 47

INDEX 269