IoT Security in Your Business & Home
By Aaron Oliver
Think for just a second about how many things are in your home and office that communicate over the internet in some form or fashion. A few years ago, the number of devices may have included just your computers and your phones and you could count the number of devices on one hand. If you think about it for a moment you may not even have realized that you now have 27 or even more devices in your home connected to the internet. 27 is the number of things I had in my home, and our small office has even more devices. So now I must ask you, who or what is making sure that these things are secure?
Well, the companies who sell you these devices, if they are reputable are probably thinking about security and even releasing patches and updates for the products you have in your home and office. But there are so many fly by night and small companies getting into the IoT space, and most of them are just worried about functionality and using watered down insecure methods of connectivity. This can lead to leaving your business and even your home network susceptible to attack and intrusion.
In 2015 hackers exposed a flaw in Samsung's Smart Refrigerator that could be used to do a "man in the Middle" attack and grab passwords for the residents google account. This would allow for someone to access your email, files, calendar, and possibly steal your identity. All because of a flaw in, yep I said it, your refrigerator!
I have read many other case studies where an attacker gains access to a network because of a cloud connected printer or webcam. They are then able to remotely monitor the inside of your network from the device to figure out what else is on the network behind the firewall. Once they have watched the network traffic long enough, they could even use that smart device to attack an actual computer or server on the network. They may have never had the opportunity to gain access if not for some smart device that was plugged in and never thought about again.
So, while you may not think of that TV hanging in your conference room as IT related or needing to be included in budgeting IT support hours, you may just be wrong. Most of these web connected devices are basically just running small computers that are connected to a larger service in the background. As the manufactures learn that the web server their smart TV is using has a flaw and release patches, who is installing these for your organization? Better yet how do you check? Even for IT personnel this is a task because there are not really any standards when it comes to these types of devices and no way to centrally manage these devices. Someone must go to each device and figure out how to look at the settings, and manually download and install the patches.
So, the point here, is that you must be diligent in making sure that your networks are secure, because you might just be housing a ton of insecure devices that could open the door for an attacker to literally waltz right in behind your firewall and monitor all your activity. Do some research before buying devices for your business and choose ones who update regularly, and even better, buy devices that self-update when needed. Spending a little more on a device from a reputable company with a focus on security could help save you from having your network and data compromised.
Aaron Oliver is a Senior Network Engineer at ThrottleNet