The Internet of Things (IoT) is fast becoming a major part of our lives at home and are creeping into the business space.
A couple of years ago, a Casino ( a business known to be reasonably savvy when it comes to security) was breached when they overlooked the vulnerabilities associated with an internet connected fish tank monitor. Devices open to these vulnerabilities include smart assistance, thermostats, fridges, air conditioning, smart sockets, toothbrushes....
These devices are a risk as they often run some form of Linux, a web server, have an internet connection and are really (if ever) updated. Here are three tips to reduce the threat caused by these items, both at home and in the business.
- Update the devices if possible
- Keep the devices that don’t get updates on a separate network segment - This can be as simple as creating an IoT only WiFi network
- Consider if you actually need the device to be internet connected? Do your scales actually need to tweet about your use?
IoT devices have other potential national security risks associated to them too. Consider any high electrical-load device (such as a smart kettle, or smart switch connected to a dumb air-conditioning unit, or your electric boiler on your thermostat):
A bad actor could potentially use a mass of these devices to rapidly switch on and off, this could create a harmonic in the national grid, causing major power-outages and damage to the national infrastructure. This type of attack, whilst plausible, would require some work and tuning to work effectively though, so don’t worry about this just yet.
cybercriminals hacked an unnamed casino through its Internet-connected thermometer in an aquarium in the lobby of the casino