Beware of cybercrimes using IoT or Smart devices

Mr. Sharma, an IT professional had a smart home with smart door locks and various other smart systems. They had been on a 10 day foreign tour and on return they found that their house was burgled and one investigation by police they came to know that their smart devices including locks and wifi was hacked and cyber criminals were listening to their voice and used their vacation time to loot the house.

In another incident, Miss. Lalitha received a smart shampoo dispenser as a lucky dip gift in mail. She excitedly kept it in her bathroom and in couple of days she received a nude video of her on WhatsApp with a extortion message, stating if she does not transfer 50000 to the specified account, her nude video shall be made viral.

In another incident, the CCTV cameras were hacked and was used to stalk and monitor people movements and that data was later used to commit various crimes.

Above incidents are some of the examples of cybercrimes done using smart or Internet of Things(IoT) devices. Smart or IoT devices are becoming very popular as they are getting cheaper, easily available and provide us flexibility, comfort, excitement and improves our efficiency. As per a survey, cybercrimes using IoT devices are increasing exponentially and was 300% more in 2023 than 2022, as more and more devices we use become IoT enabled or smart this crime rate will only increase. Here cybercriminals use peoples negligence, lack of technical knowhow, laziness to change password and ignorance to loot people. Strange fact is here cybercriminals loot people without letting them know that their smart devices are only helping them execute the crime.

Precautions to take to prevent IoT cybercrimes :-

• Change the default password of your smart devices and set a complex alphanumeric or minimum 8 digit password.
• Install good antivirus and firewall software on your smart phone and regularly update it as your smartphone controls or is doorway to most IoT devices.
• Buy and use only reputed or trusted brands of smart or IoT devices.
• Keep your smart or IT devices updated with latest security patches.
• Secure your Wifi network with a difficult alphanumeric or minimum 10 digit password.
• Create a separate network for IoT devices to prevent unauthorized access to other devices if possible.
• Enable and use multi-factor authentication if the IoT device supports.

If you are a victim of such fraud :-

Immediately call 1930 cyber helpline or file a complaint at cybercrime.gov.in website or nearby police station. Change your wifi password and disable or replace the hacked device till you can clear the malware infection. Report the issue with the manufacturer of the hacked device if possible and you can take legal action against them if it was due to manufacturing issue.

Legal remedies available to the victim :-

You can register a criminal case at your nearest cyber or regular police station, under the following legal sections or the Act as per sections prescribed by the police based on your case :

• Section 378(Theft), 419 (punishment for cheating by impersonation) and 420 (cheating and dishonestly inducing delivery of property), Section 424(extract data illegally), Section 441(criminal trespass) of Indian Penal Code(IPC)
• section 43 (Penalty and compensation for damage to computer, computing device etc.), section 65 (Tampering with computer), section 66 (punishment for computer related offences – a person committing data theft, transmitting virus into a system, destroying data, hacking, or denying access to the computer or network to an authorized person), section 66C(which prescribes penalties for identity theft and states that anyone who fraudulently or dishonestly uses a person’s identity information) and Section 66D (punishment for fraud by impersonation using computer resources) under of the Information Technology Act(IT) Act 2000.