An unnamed university has suffered a DDoS attack at the hand of its own IoT devices, according to a sneak preview of Verizon's upcoming yearly data breach report.
The DDoS attack was caused by an unnamed IoT malware strain that connected to the university's smart devices, changed their default password, and then launched brute-force attacks to guess the admin credentials of nearby devices.
I wonder how long it will take till someone manages to break into Alexa and google home to force them to start yelling obscenities all hours of the night...
won't be long in my opinion... I've wondered if those communications are encrypted. My friend has one and I am dying to go in with wireshark or bro and do some 'sniffing' around :)
I'm sure they are encrypted, but it's more a matter of how well encrypted and if MITM is possible. On top of that, sometimes they'll accept unencrypted messages, even though they default to encrypted.