Smart devices, sometimes referred to as the Internet of Things (IoT,) have found a growing place in the contemporary home, promising to provide security and convenience for our daily activities However, inadequate security measures, and overworked personal networks have the potential to provide an avenue of exploitation by opportunist cybercriminals.
The rise of IoT(no, that isn’t the next Terminator movie) can be seen by the rapidly increasing number of smart devices in the contemporary market. According to Intel, by next year there will be around 26 smart objects for every human on earth! A significant increase from the two billion smart objects against a global population of 6.6 billion in 2006. However, despite the fact that Amazon alone has sold 100 million Alexa devices, most IoT devices aren’t found in the home. A study by Intel suggests that the application for smart objects in business will be astounding. The same Intel study predicts that by 2025, the market for IoT will create a potential industry market of $6.2 trillion across healthcare ($2.5 trillion), and manufacturing ($2.3 trillion), leaving a $1.4 trillion market for private consumers.
Considering the potential market, it’s no wonder that seemingly every new device is connected to the Internet, and every publication is ranking and recommending smart devices with the promise of making your home more efficient, from lightbulbs to thermostats, kettles to cat food dispensers. According to YouGov, in 2018, 23 per cent of Britons had at least one smart device in their home.
Work it out
This increasing reliance on the IoT raises a multitude of new complications for the modern workplace. While you wouldn’t consider lugging your brand-new smart refrigerator into your office, even though it would stop your colleagues from pinching your lunch, the ubiquity of IoT means that many smart devices may go unnoticed. For example, if your Smart Watch is synced with your phone, it will automatically connect to previously known Wi-Fi networks. This creates a conundrum for employers, particularly if company phones are provided to their employees. Where do employers draw the line on the increasing impetus for employees to bring their own device into work? This question becomes even more controversial as IoT becomes increasingly entwined with daily life.
The staggering number of smart devices worldwide should lead to a re-examination of network security on both a corporate and private level. The increasing number of smart devices on private networks with a single access point poses a potential risk. Decision-makers should explore the possibility of a network segmentation that segregates trusted devices, such as a work computer, from untrusted devices, like a potentially nosey toaster or clever coffee machine. This improves security as all unknown devices will be connected to the network as a guest with unaffected functionality, but limited risk of housing unsecure devices on the same network as secure tools.
The Cost of Convenience: It’s no doubt that using smart devices generally makes life easier, both globally, and on a personal level. However, one must be vigilant of the risks that they pose. Even door locks have the capacity to be networked as part of the ever-growing IoT landscape. While vendors might assure you that their device is the most secure option, or that it will save you valuable moments in your daily routine, it is essential to examine the security parameters that are embedded within each device.
Secure configuration is key
Your security should not be compromised for any reason. That includes cybersecurity. On one hand, Wi-Fi CCTV cameras may provide you with tools to protect your property, on the other hand they could provide a digital back door for a tech savvy criminal to monitor your physical door or gain access to your home network. Wi-Fi IP cameras, like most IoT, are not always reliable, safe, or immune to cyberattack. Papadopoulos Konstantinos of Hackernoon demonstrated how he used a Deauthentication Attack to disconnect a camera from the access point that it’s connected to. This “simple attack” used a generic code to freeze the camera and deactivate the camera’s motion sensors. Konstantinos went on to elucidate that this attack would not have been possible had the camera used a “wired connection and not a wireless one”. Indeed, Konstantinos speaks great wisdom when he outlines the threat of wireless networks because “the medium is air and air is accessible to all”.
Secure Configuration is Key: When using IoT, especially in the context of privacy or security, it is essential to ensure that all devices are configured securely and kept up to date. Devices that are poorly configured, or have not been updated to the latest version that closes off exploitable flaws,no matter how ‘smart’ their vendors claim they are, present an opportunity for potential hackers or cybercriminals.
Education is Elementary: Vulnerabilities will inevitably be discovered, and new threats developed, so keeping abreast of the latest cybersecurity threats and following guidance is advisable. This helps create a safer environment for work and daily life, particularly as we are relying more and more on smart devices across both realms.
When in doubt...
Gavin Millard, VP of intelligence, Tenable