ShieldSquare is now Radware Bot Manager

How Malicious Bots Can Target IoT Devices and Impact eCommerce Businesses

November 4, 2016 | All Automated Threats Bot Prevention Technologies

The Internet of Things (IoT) is a collection of billions of electronic devices, ranging from smart fridges to wireless wearable products. Since 2010, the number of devices connected to the internet has doubled from 12.5 billion devices to 25 billion. IoT, simply put, is the virtual avatar of a physical device. These devices communicate over the internet, and are controlled by their users.

With every device that connects to the internet, risks are inevitable. More and more data is exposed online, leaving more of it within easy reach of hackers. For instance, traffic lights connected to the internet can be breached by hackers, which can easily cause damage in the real world! This is how far innovation has brought the virtual and physical worlds together.

More and more manufacturers are moving towards a smarter tomorrow. Cars, washing machines, fridges, etc., are becoming smarter by connecting themselves to the internet. We can control these IoT devices through our smartphones.

Dubbed by some as the scariest search engine in the world, Shodan is just a website that searches and indexes all the physical devices connected to the internet. It can crawl and index more than 500 million devices per month. With a simple search, Shodan can locate servers, webcams, printers, routers and all the other devices that are connected to and make up the internet. The website is used by white and black hat hackers. A simple search string of “default password” will give you all the devices connected to the internet with passwords such as “1234”, “password”, “admin”, etc.

We, as a generation, are moving forward into the future of smart living. We can control our lights, windows, doors, etc., with our mobile phones. We secure our mobile phones, but we neglect to protect the devices connected to them. It is truly scary, as you can sit at home and access anybody’s security cam that has a default password. It is very disturbing and at the same time amusing to know how insecure these devices are.

Smart home control hubs are easily hacked by attackers. They can easily take control of your heating, lighting, power and door locks. These systems are even implemented in large scale at offices and industries, making them an even bigger vulnerability.

An attacker, each time he hacks into a device, can add it to his botnet. When needed he can trigger a DDoS (Distributed Denial of Service) attack on any given target. Without our knowledge, our household items can be used as weapons.

“We are already seeing hacked TV sets and video cameras & child monitors that have raised privacy concerns, and even hacked power meters which to date have been used to steal electric power,” said Paul Henry, a principal at security consulting firm VNet Security LLC in Boynton Beach, Florida.

IoT devices turned into bad bots attacks

The source code of the malware dubbed “Mirai” was released on HackForums by a user named Anna-senpai. This malware constantly scans the web for IoT systems that still use factory-default or hard-coded usernames and passwords. These devices are then injected with malicious programs that turn them into bad bots, which are controlled by a central server under the hacker's control. Working in tandem, these devices (bad bots) can attack and knock out the biggest of websites with ease and cause revenue loss.
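From the defender's side, a device recruited this way tends to give itself away on the network, because it starts probing many other hosts for default logins. The sketch below is an added example, not code from the original post: it flags internal devices that contact many distinct hosts on telnet ports in a short window. The use of TCP 23 and 2323 reflects Mirai's known scanning behaviour rather than anything stated above, and the flow records, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict, deque

TELNET_PORTS = {23, 2323}  # telnet ports Mirai's scanner is known to probe

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port).
FLOWS = (
    # A camera touching 30 different hosts on telnet ports in 30 seconds.
    [(100 + i, "192.168.1.50", f"198.51.100.{i + 1}", 23 if i % 2 == 0 else 2323)
     for i in range(30)]
    # An admin laptop repeatedly using telnet to one router: a single target.
    + [(100 + i, "192.168.1.10", "192.168.1.1", 23) for i in range(20)]
    # A slow talker: 20 different hosts, but only one every two minutes.
    + [(100 + 120 * i, "192.168.1.60", f"203.0.113.{i + 1}", 23) for i in range(20)]
    # Ordinary HTTPS traffic from a thermostat.
    + [(100 + i, "192.168.1.70", f"192.0.2.{i + 1}", 443) for i in range(20)]
)

def find_scanners(flows, window=60, min_targets=15):
    """Return {src_ip: first_alert_ts} for sources that contact at least
    min_targets distinct hosts on telnet ports within `window` seconds."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    alerts = {}
    for ts, src, dst, port in sorted(flows):
        if port not in TELNET_PORTS or src in alerts:
            continue
        q = recent[src]
        q.append((ts, dst))
        # Drop contacts that have aged out of the sliding window.
        while q and q[0][0] <= ts - window:
            q.popleft()
        if len({d for _, d in q}) >= min_targets:
            alerts[src] = ts
    return alerts

if __name__ == "__main__":
    for src, ts in find_scanners(FLOWS).items():
        print(f"{src} looks like a telnet scanner (alert at t={ts})")
```

Only the camera is flagged: the laptop has one target, the thermostat never uses telnet, and the slow talker stays under the threshold, which is the trade-off to tune when choosing `window` and `min_targets`.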

So, how does this affect eCommerce businesses?

People have already laid their hands on smart refrigerators that can automatically order food and groceries, as and when they get depleted. Samsung and MasterCard have collaborated to create a fridge that does just that – order groceries from FreshDirect and ShopRite.

When these futuristic devices are hacked from the outside, they can collectively target the servers of eCommerce websites and place orders for products continuously. These orders placed by bots, though fake, will appear genuine, leading to revenue loss for the eCommerce websites shipping these items. Today, competitors deploy third-party scrapers to target websites and scrape their pricing information, listings and product catalog, so that they can undercut them and gain an unfair advantage in the marketplace. Imagine competitors going to the next level: hacking IoT devices and using bots to place fake orders. These fake orders cause financial loss and embarrassment to the genuine customer whose credit card is being used to place the orders. The customer may even stop using the eCommerce website, and when many such customers leave, the website’s brand identity will be at stake.

Also, these malicious bots on compromised IoT devices often add items to carts, creating thousands of carts only to abandon them later. Such malicious activity lowers the inventory level in real time and shows items as out of stock to genuine users who are willing to buy.
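One way a shop could spot this cart-hoarding pattern in its own event log is sketched below. This is an added example, not code from the original post: it flags clients with many add-to-cart events and almost no purchases, then shows how much stock reappears once their holds are ignored. The event format, client identifiers and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, client_id, event, sku, qty).
# client_id is an assumed per-device/session identifier the shop records.
EVENTS = [
    (1000, "c-alice", "add_to_cart", "sku-1", 1),
    (1060, "c-alice", "checkout", "sku-1", 1),
    (1100, "c-bob", "add_to_cart", "sku-2", 2),
    (2100, "c-fridge-17", "add_to_cart", "sku-2", 3),
] + [(2000 + i, "c-fridge-17", "add_to_cart", "sku-1", 5) for i in range(40)]

def summarize(events):
    """Per client: add events, units added, units bought, units held per SKU."""
    stats = defaultdict(lambda: {"adds": 0, "added": 0, "bought": 0,
                                 "held": defaultdict(int)})
    for _ts, client, event, sku, qty in sorted(events):
        s = stats[client]
        if event == "add_to_cart":
            s["adds"] += 1
            s["added"] += qty
            s["held"][sku] += qty
        elif event == "checkout":
            s["bought"] += qty
            s["held"][sku] = max(0, s["held"][sku] - qty)
    return stats

def flag_hoarders(events, min_adds=20, max_conversion=0.05):
    """Clients with many add-to-cart events and almost no purchases."""
    flagged = {}
    for client, s in summarize(events).items():
        conversion = s["bought"] / s["added"] if s["added"] else 0.0
        if s["adds"] >= min_adds and conversion <= max_conversion:
            flagged[client] = {k: v for k, v in s["held"].items() if v}
    return flagged

def available_stock(stock, events, exclude_clients=()):
    """Stock shown to shoppers after subtracting units held in open carts."""
    held = defaultdict(int)
    for client, s in summarize(events).items():
        if client not in exclude_clients:
            for sku, qty in s["held"].items():
                held[sku] += qty
    return {sku: max(0, n - held[sku]) for sku, n in stock.items()}

if __name__ == "__main__":
    stock = {"sku-1": 150, "sku-2": 10}
    suspects = flag_hoarders(EVENTS)
    print(suspects, available_stock(stock, EVENTS), available_stock(stock, EVENTS, suspects))
```

With the sample data, `sku-1` shows as sold out until the flagged client's holds are released, which is the effect on genuine shoppers described above.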

So, what do you think of the role of malicious bots on IoT devices? Well, it’s somewhere into the future. But, the future is now!

