Can a Toaster Hack Your Network?
I mean, that’s ridiculous, right? Maliciously burn bread until its inedible maybe, but infiltrate an enterprise-level network? Luckily, the answer right now is no, but we’re fast entering a world where there will be more devices with network capabilities than companies can account for and secure their networks against. A world where even mundane items are equipped with sensors, software, and connections to the outside world is becoming the new normal, and a term has been adopted to describe it, the Internet of Things (IoT).
So that’s a buzzword by any definition, and a quick internet search will show that it might be worthy of buzz, but what does a term like that mean exactly, and what effect does it have on individuals, and ultimately, companies as a whole?
I started by trying to figure out when this term first came into existence. The notion of eventually having everything in a home being “smart” and able to talk to one another. Or a node out in the wider world has been a theme heavily featured in Science Fiction going back decades. But when did it creep into everyday language? As far as I can tell, it started with a presentation by Kevin Ashton, presenting on the uses of RFID and its place in the commercial world as far back as 1999. Around this same time, LG decided that what the world needed was a fridge that could connect to the internet. From there it’s been an increasingly diverse offering of toys, appliances, and personal gadgets with the goal of making our lives easier and keeping us connected. A lot of people in the world feel that convenience and entertainment are just a small portion of the IoT’s potential.
Take, for instance, self-driving cars. One in its own is a novelty, a fleet of automated trucks might be a major boon to a transport company, and a city full of cars fully networked and aware of the position of other cars on the road at all times has the potential to run with minimal congestion and reduce fuel consumption and pollution. LA County, for example, estimates impressive results just from optimizing their traffic signals. This is without the benefit of gathering real-time data on vehicle positions and speed, which could improve the efficiency of such a program further.
There are other practical benefits that we see daily, TVs capable of streaming content without the need for another device attached, smart watches and smart phones can give you a plethora of information at your fingertips (or wrist), and appliances are just a few of the items in your home that you could connect. Thermostats, lighting systems, and security systems that are all networked back to the internet make it so your house can be checked on and controlled from the nearest available device. This is all well and good, but what happens when these devices find their way into the office?
So my scenario of an evil toaster is probably a little unrealistic. Many companies have items that have potential to be part of an IoT. Coffee makers, weather stations, and vending machines, come to mind. HP released a study in 2014 stating that the average IoT device contained twenty-five vulnerabilities, and 70% contained at least one. I view these devices as having two major points that need to be addressed, 1) their connection to the internet, and 2) where the data they transmit gets stored. The first can be addressed by proper research, vetting of devices, and implementation by the entity responsible for a company’s network security. This would include network segregation, firewall configuration, and patching, as well as taking any additional steps to secure the existing network against potential intrusion. The trickier part is what data do these devices gather on their own, where do they send that data, and who is responsible for it once it leaves your company? If these questions can be answered to a company’s satisfaction, there is still a certain level or risk that has to be accepted. But as more and more device become part of the Internet of Things, there’s no reason individuals and companies can’t enjoy the benefits.
Stay up to date with the latest technology trends by following our NCI Blogs. Contact us today for more information on how we can help you secure your devices and prepare you for new technologies.