SUBSCRIBE NOW
IN THIS ISSUE
PIPELINE RESOURCES

Securing Connected Home Devices

By: Marijus Briedis

With so many people remotely working, today’s typical office looks nothing like it did before. In fact, it might be corporate chaos in the living room. This new approach to working from home introduces new risk from a technological perspective, as there are now hundreds of devices accessing corporate networks. 

The days of being able to control every element through Active Directory and still stay safe are over. And as the lines between work and home continue to blur during and after this period, employees will increasingly use their personal devices while working from home. Many may also switch between personal and company-issued devices to perform work-related tasks.

To add to the chaos, chief security officers for companies around the world must deal with a number of unaudited, uncontrolled, and yet interconnected Internet of Things (IoT) devices that employees own.

In 2020, home security cameras, smart TVs, fridges, robot vacuums, baby monitors, and doorbells all became a part of a company’s peripherals (if we can still apply the term to today’s situation). All these devices have become gateways to the corporate world—in hackers’ eyes, at least. This is because, first, most of these devices are not even password protected; second, they are connected to the same network the user’s computer is; and, third, there are still no standard controls or protocols for IoT developers to follow.

So, the present is a new opportunity both for IoT innovation to blossom and for cybercriminals to thrive.

Big Brother at the home office

George Orwell's dystopian concept of Big Brother might not be that far-fetched, as individuals and businesses now all rely on devices capable of interacting, recording, and tracking. And these consumer devices are keeping CSOs around the world awake at night.

Recently in Singapore, hackers broke into security IP cameras and shared the footage online, specifically on nefarious sites. The videos featured people in footage they might not have wished to be revealed, including mothers breastfeeding their babies and people working in their underwear.

The victims’ faces are not blurred, which makes them easy to identify, especially with facial recognition technology. Such technology, offered by developers like Clearview.ai, is so advanced that it can scrape a decade-old picture from the Internet and link it to the person. This kind of hack poses a lifetime threat to the victims. Businesses fall under the same risk, as home cameras can be used for corporate espionage—bad actors can easily observe what employees are typing on their devices.

Gaining access to an IoT device is relatively easy. In 2019, credentials of more than 3,000 Ring users ended up online after a credential stuffing attack. People tend to use the same credentials for most of their accounts, so attackers simply had to match the previously leaked passwords to take control over the device. To make it even easier for hackers, users often keep the manufacturer’s default password.

Dozens of stories about hacked baby monitors have been made public. Hacking them isn’t difficult either. And, because our homes have become our offices, baby monitors are perfect for recording business calls.

Aside from privacy and security concerns, the bigger danger is the fact that hackers can harness interconnected devices to form a botnet—and IoT devices are often used for just that. One of the best-known botnets is Mirai, which caused a lot of trouble in 2016 and still exists today. When we have interconnected devices, the virus spreads from our home devices to our work devices, ultimately infecting corporate servers.

Because the IoT industry is in its infancy, such devices have the potential to become cybersecurity risks. In the rush to bring them to the market, most manufacturers simply ignore the notion of security.

Making IoT more secure

Interconnected IoT devices are expected to lead to the fast emergence of dominant digital ecosystems. As a result, a breach of a single element will present new challenges for mitigating the resulting wildfire.



FEATURED SPONSOR:

Latest Updates





Subscribe to our YouTube Channel