Could the last one to be hacked please remember to turn the lights out on their way offline?

 In ITC's Threat of the Week

In case you haven’t heard – the “Internet of Things” (IoT) is here to save us. Stick sensors and IP addresses on everything (especially the Kool-Aid dispensers) and all the world’s problems will shortly thereafter be solved by a single cloudy Hadoop instance.

Take the humble light bulb as a perfect example of where things are heading. For the past hundred and thirty years or so the progress of the human race has been held back by our reliance on aptly named ‘dumb’ light bulbs – offering a single shade of white, only able to be controlled from a single button on the wall and, worst of all, lacking an API!

Compare this with a modern IoT connected light bulb – give a bulb an IP address and you can teach it to not just shine light, but also change colour, be controlled from a web browser, flash red when you get a Twitter message and all manner of other totally pointless crud. Oh, and you might also open up a nice back door into your network because the guy who designed that bulb was far more interested in that cool Twitter use-case than understanding how strong encryption should be implemented.

LIFX, one of a couple of companies who make net-connected bulbs, released a security advisory last week to advise us that their bulbs were accidentally broadcasting your WiFi key to anyone nearby as a result of a botched encryption implementation (storing the same static AES key on every lightbulb manufactured and providing a handy JTAG header too, uh-huh. See http://contextis.co.uk/blog/hacking-internet-connected-light-bulbs/ for a full write-up).

To their credit, an updated firmware was released that fixed the hole, but with a projected 212 billion ‘IoT’ devices coming online by 2020 (about 30 for every person on the planet?!) there are clearly going to be a lot more vulnerabilities, the majority of which will likely go unnoticed and unpatched.

So whilst BYOD tablets and the like currently remain the most likely harbingers of malware waiting to infect your network, it won’t be too long before you need to be on the lookout for strange lightbulbs, smoke alarms, plant sensors, iWatches and whatever else might find its way onto the corporate wifi.

Knowing what should and shouldn’t be on your network, and being able to accurately classify and assess the devices as and when they connect has never been more important. If you don’t get this under control now it’s only going to get harder. We’ve got the technology and the expertise to help with this – seriously – we can spot that errant lightbulb in seconds. Want to know more? Don’t hesitate to get in touch with us on sales@itcsecure.com or call 0207 5173900 and we’ll be glad to explain what you can do to get things under control.
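One way to act on "knowing what should and shouldn't be on your network", as an added example (not from the original post and not ITC's tooling): compare a DHCP lease table with an approved inventory and classify whatever is left over. The lease lines (dnsmasq format), MAC addresses, inventory entries and OUI-to-class map are constructed sample data.

```python
import re

# Constructed sample in dnsmasq lease format: expiry, MAC, IP, hostname, client-id.
SAMPLE_LEASES = """\
1405000000 00:11:22:aa:bb:01 10.0.0.21 finance-laptop-07 01:00:11:22:aa:bb:01
1405000300 00:11:22:aa:bb:02 10.0.0.22 meeting-room-tablet *
truncated-line
1405000600 02:00:5e:10:20:30 10.0.0.87 * *
1405000900 f0:0d:00:00:00:09 10.0.0.91 bulb-kitchen *
"""

# Hypothetical approved inventory (MAC -> asset record) and OUI-to-class map.
INVENTORY = {
    "00:11:22:aa:bb:01": "asset-1041 (finance)",
    "00:11:22:aa:bb:02": "asset-2210 (facilities)",
}
OUI_CLASSES = {"f0:0d:00": "smart-lighting"}  # constructed prefix, not a real vendor

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def parse_leases(text):
    """Yield (mac, ip, hostname) per lease line, skipping malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not MAC_RE.match(fields[1].lower()):
            continue
        host = None if fields[3] == "*" else fields[3]
        yield fields[1].lower(), fields[2], host


def classify(mac):
    """Classify by OUI; locally administered MACs carry no vendor information."""
    if int(mac[:2], 16) & 0x02:
        return "locally-administered MAC, vendor unknown"
    return OUI_CLASSES.get(mac[:8], "unclassified")


def unknown_devices(lease_text, inventory):
    """Return every leased device whose MAC is absent from the inventory."""
    return [
        {"mac": mac, "ip": ip, "hostname": host, "class": classify(mac)}
        for mac, ip, host in parse_leases(lease_text)
        if mac not in inventory
    ]


if __name__ == "__main__":
    for finding in unknown_devices(SAMPLE_LEASES, INVENTORY):
        print(finding)
```

A MAC address is chosen by the device, so this is an inventory check rather than authentication; pair it with something like 802.1X where the network has to enforce who connects.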

Author: Kevin Whelan
