Compromising Internet Appliances

by Plex Inphiniti

With today's technology and today's commercialism the Internet has become larger than any other of mankind's creations.  And everyone wants to be on it.

People are rushing out to buy computers for the sole purpose of "getting on the net."  With this bursting of wired technology and international networking, common everyday devices are now being made with interfaces to work through the Internet.  With these new implementations comes the inevitable security risks that come with every system on the net.

For example, there are several exercise devices that can be connected to the Internet, thus allowing the user to have a virtual trainer online guiding them and controlling their device.  There are automated workouts that people can run through this company's website, www.iFIT.com

Web servers have been known to have exploits, allowing attackers to gain access to the system and permitting them to change any file on the server, including the graphics files that are used to control the exercise equipment during automated workouts.  If an attacker was to alter these workouts to force the runner to keep up a pace of 15 mph at a 20 percent incline, thousands of 50-year-olds across the nation would either have a heart attack or fall off the speeding treadmill and hurt themselves.

Another fine example of a device that could be compromised is that of i-ready sexual devices.

One such company, at www.safesexplus.com/pages/SSP_Converter.html sells a device that attaches to your monitor.  The box reads two parallel boxes that range from black to white.  The intensity of whiteness controls the intensity of the vibration/suction etc.  All the attacker would have to do is replace the adjustable Java applet with an animated GIF that alternates the extremes (black and white) which would cause the devices to switch between off and high speed quickly, possibly burning out the device, but definitely annoying or harming the user.

A final example is that of Internet appliances meant to reside in the kitchen of the house, allowing the user to listen to streaming music, browse sites (perusing a recipe or two), watch DVDs, and monitor other appliances in the kitchen.  The last option is the most vulnerable.

At this time I believe it can only monitor the devices, but if an attacker broke into the appliance, they could possible modify the software that monitors and calibrate it incorrectly, thus causing the turkey that is supposed to be finished cooking in one hour to remain in the oven for three hours before the user is alerted that it is done.  Of course, fires/mess could ensue also.

These are just several of the existing devices that today could be exploited.  In the next couple of years you can expect to see more and more of these "Internet ready" appliances appearing in people's homes.  Manufacturers of these appliances will face a whole new horror as consumers bring up lawsuits for loss of life, limb, or property due to a device being compromised.

Greetz to Krometekk, Lord Maetrics, Fatal_ Error, Blink, Hyberboy, Krytical, The Trunk Toaster, and Heretic.