TORCHLIGHT Reveals Silent Attacks Exploiting the Tor Network to Breach Smart Home IoT Devices

A recent report published by the Georgia Institute of Technology revealed a new tool called TORCHLIGHT, designed to monitor malicious activities carried out over the Tor network targeting cloud-unconnected Internet of Things (IoT) devices.

The study, conducted in collaboration with the University of Tübingen in Germany, explained that TORCHLIGHT managed to track more than 300,000 suspicious addresses using the Tor network to hide cyberattacks on home devices such as cameras, routers, and even some connected medical tools.

According to the report, TORCHLIGHT detected over 45 security vulnerabilities, including 29 classified as "zero-day", meaning previously unknown. These vulnerabilities affect approximately 12.7 million devices worldwide, spread across 148 countries, making them easy targets for hackers.

The danger of these attacks lies in their use of the dark web and their identity concealment through the Tor network, which makes tracking them extremely difficult. In many cases, the user is unaware of any breach, while their devices are used to launch attacks on other targets or to collect their data.

Key findings of the study include:

• Many devices do not receive regular security updates, leaving them perpetually vulnerable.

• Some manufacturers do not provide protection mechanisms for devices when disconnected from the cloud.

• Exploiting these vulnerabilities can lead to the compromise of entire home networks, not just a single device.

What can be done?

• Continuously update the firmware.

• Change default passwords immediately after purchasing the device.

• Disable any protocols not actively used, such as UPnP or Telnet.

• Use smart home firewalls to monitor suspicious traffic.

In a world where connectivity is expanding, it has become essential to realize that every smart device we own could become a gateway for threats. Protecting the Internet of Things begins with user awareness and ends with the responsibility of manufacturers.