Smart devices in homes, medical facilities, transportation systems — basically everywhere —  have always been there to improve our daily activities, but they are vulnerable to cyberattacks. Despite significant developments in the cybersecurity of smart devices, these devices are still at higher risk for cyberattacks than computer systems. 

Danda B. Rawat, Ph.D., associate dean for research and graduate studies, and his team of researchers, Howard University College of Engineering and Architecture graduate student researchers Yuba Siwakoti and Manish Bhurtel, and industry cybersecurity experts Adam Oest and RC Johnson, conducted a 17-month investigation on smart Internet of Things (IoT) device abuse in financial cybercrime.

Our 17‑month study uncovers a harsh truth: smart IoT devices are cybercriminals’ go‑to weapons, hijacked as proxies for financial crimes, with smart IP cameras and NAS drives topping the hit list,” said Rawat.

For the investigation, the researchers applied a sampling strategy using standardized data from publicly known cybersecurity vulnerabilities, public research data, and the Shodan search engine’s exposure. The team published their study, “IP Camera Can Be Abused for Payments: A Study of IoT Exploitation for Financial Services Leveraging Shodan and Criminal Infrastructures,” in IEEE Transactions on Consumer Electronics.

The researchers traced hacked smart devices repurposed as proxies across the darknet, underground forums, and Telegram, where they were exploited in financial crimes like illegal transfers, crypto theft, and credit card fraud. 

Typically, financial crimes involve stealing financial information, such as credit card numbers or bank account login credentials to commit fraud or identity theft or manipulate financial transactions. Some financial cybercriminals also commit fraud through ATM skimming or money transfers using accounts that have been compromised.

This is the first sufficient study to date that reveals the extent to which smart devices are hacked and used in financial cybercrime. The team discovered that the smart devices most frequently hacked for financial cybercrimes are smart digital security cameras or IP cameras.

Financial institutions are a primary target. Cyberattacks on financial institutions pose greater security risks as they can involve massive monetary losses, cause business disruption, and threaten the confidentiality, integrity, and availability of these institutions.

Rawat and his team make important security recommendations in their publication. Frequent network monitoring and scanning of devices is necessary to detect vulnerabilities early on and help prevent cybercrime. Tools like Shodan are instrumental in determining if a device has been exposed. Anti-financial crime tools are also available to financial institutions and are considered crucial by cybersecurity experts.

Staying alert and paying attention to any unusual activity on smart devices is key and can help protect consumers and businesses from financial cybercriminals. 

Read the team’s full recommendations.

Rawat is the founding director of the Howard University Data Science & Cybersecurity Center and the DoD Center of Excellence in Artificial Intelligence & Machine Learning (CoE-AIML).