This could have been avoided if a few precautions were taken when the device was connected. Speaking in terms of a business network, changing the default password, connecting it to a guest network separate from the company network and changing the default password on it would have probably prevented it. You probably didn’t even know that your WIFI thermostat helped stop the internet that day, but I am sure that many of you that are reading this had exactly that happen and you never knew. They are like dormant Decepticons that share your space and use your internet. Another tip is to make sure that the firmware is updated on these devices to keep them up to date if the manufacturer releases updates for them. Other than just starting a DDoS attack, keep in mind that it is on your network. If compromised and malicious code can be loaded on it, why wouldn’t it search the network for personal information or corporate files such as accounting data? Credit cards? Emails? I have heard some of our clients say “we have nothing to hide” but there is always something you don’t want to fall into the wrong hands.
Another example was given during one of the sessions at the Cyber Security conference and it was that there was a company that had a small conference room that had a video camera and microphone used for videoconferencing. The company was engaged in many board meetings in that room during a time of a merger. It was found later that the microphone (not the camera) was turning on during these meetings, but at no other time and that voice data was being transmitted over the network and to an IP address outside of their network. Before you think that you can find out where it really went, remember that almost every hacking involves an oblivious third party in the middle These are called “Man in the Middle” attacks. I has this conversation with a prospect a couple of weeks ago where they wanted to be secure, but didn’t want to spend too much to be REALLY secure because they are just a small company in the middle of nowhere. But, being vulnerable enough and under the radar, a hacker would steal from a large company by way of the coffee shop in another state or country because they probably did attach an IoT to their network and didn’t change the password on it. When the IP is traced from the affected company, they are knocking on the door of a small company that had no idea they were compromised – but not directly hacked for their own information.
So it’s true about your toaster – it really can rule the world if you don’t pay attention to it.
As always, we are here if you want to understand how to protect your organization or home from being vulnerable.