More simply put, the Internet of Things (IoT) and Bring Your Own Device (BYOD) are two concepts that have been on the rise and show no signs of stopping. With the boom of AI technology, smart devices are becoming more and more a crucial part in the daily routine of the average person. However, what may add ease to your morning routine might also be putting you at risk for some much more serious cyber threats.
Q: What is IoT?
A: IoT stands for Internet of Things. It’s the technology of taking everyday devices and connecting them to the internet. We all have devices with these capabilities whether it be your smartphone, smart home assistant, or even your smart fridge, they are all connected to the internet. Having these on your work network or even your home network leaves you vulnerable to possible cyber threats. Think of your network as a hallway full of doors. Once on your network, or in your hallway, a threat can easily move between your unsecured doors.
Q: What devices are considered Smart Devices?
A: Anything that can connect to your wireless network for some “advanced” purpose can be considered a smart device. For example, your smart coffee brewer has been programmed to start your coffee every day at 8 AM, following that, your Amazon Alexa plays your wakeup mix and opens your blinds in your bedroom. While all of this seems practically utopian, by transitioning so much of your routine to the IoT, you are leaving yourself open to cyber attacks. Once one of these doors is infiltrated, it leaves the rest of your network accessible. Attackers can move from one device to the next once they break-in. That is if the network isn’t secure.
Q: Is BYOD safe? Is it worth the money saved?
A: BYOD can save a company lots of costs due to the lack of need to buy each employee their own phone/computer. The problem with this is that employees will bring their device home with them. Once off your secure network, you have no idea what they’re doing on their own. An employee could infect their devices with malware, and bring it back to the office network, allowing it to spread.
Q: What sort of information can be derived from hacking a Smart Device?
A: Most smart devices only contain a small bit of information. The real issue is when someone takes over control of the device. If they are able to re-program a device to relay the video feed from your smart fridge, an attacker could see inside your fridge, just like you could. That’s just an example, most sophisticated attacks are made on the fly and depend on what smart devices the attacker can get to. Amazon Alexa can be accessed to retrieve any audio logs. Recently, Amazon came out admitting that their employees listen to thousands of conversations from the devices. If audio logs are kept locally on the device, a hacker can access this. While a majority of these stored recordings are most likely users asking, “Alexa, what is the weather going to be like today?”, the possibilities will expand with more exploits for more devices coming out every day.
Q: How can I protect my IoT?
A: Securing IoT devices can be very tricky. The best way to secure these at your home is to put them on a separate network. Your router will permit you to log into it (follow the instructions on the router itself) and most modern routers allow you to set up a guest network very simply. Most times it’s simply a checkbox in the configuration settings. For your workplace, you can do the same, or block any traffic specific to the device. Reach out to your IT staff and see if they can do a network traffic capture to see what the device uses. From that point, they can then specifically block certain traffic. This will impede the full functionality of the device, but it’s a small sacrifice for a more secure workplace.
This is the 5th part of an 8-part series. To learn more about cybersecurity and safe practices, check out the links below:
Phishing
Safe Internet Browsing
Social Engineering
Safe Passwords and Security
IoT + BYOD
Rogue Access Points
Penetration Testing
What to Do After a Data Breach
Next week, we will be discussing Rogue Access Points and the possible risks associated with having them in your network. Remember to submit your questions to info@hvtdc.org.