Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The IoT: Gateway for enterprise hackers

Taylor Armerding | Dec. 12, 2016
The risk of notoriously insecure Internet of Things devices is not so much that those devices themselves will be compromised, but that they provide dozens – perhaps hundreds – of openings that could allow attackers to get inside an enterprise network

A very merry Christmas could give way to a not-so-happy New Year security hangover for enterprises, once a few million more Internet of Things (IoT) devices are unwrapped and migrate from homes into the workplace.

So, a webinar this week hosted by The Security Ledger titled: “Who Let the IoT in?: Finding and securing wireless devices in your environment,” was designed to offer some advance advice on how to cope with it.

Paul Roberts, founder and editor in chief of The Security Ledger, who moderated the event, began by framing part of the problem: Although the IoT is now well established, many of the legacy tools enterprises still use to identify and manage vulnerable devices were, “designed for the ‘Internet of Computers’ rather than the IoT.

“They’re poorly suited to spotting the radio frequency and other wireless communication protocols that connected smart devices use to communicate and function,” he said.

In other words, if you can’t see it, you can’t manage it. So, much of the discussion centered on what to look for and how to find it. Ted Harrington, executive partner at Independent Security Evaluators and one of three panelists, said that consumer IoT devices, “are being brought into the enterprise in an unsanctioned, even if unintentional, way.”

And the warning is that these devices are indeed a clear and present danger to enterprises. They remain notoriously insecure, which makes them the weak link that can allow attackers to hack into them and then “pivot” too much more important and valuable parts of the network.

The panelists noted that besides the devices themselves, another element of the expanded attack surface is being created through relatively new kinds of wireless networks that cater to low-power IoT devices like electric meters or smart watches, which emit small amounts of data.

Bob Baxley, chief engineer at Bastille Networks and another panelist, said the, “long-range, low-power, low-data-rate, nearly free protocol,” offers an alternative to WiFi and cellular, which have different strengths and weaknesses but are both “power hungry.”

He said the new networks amount to, “a huge slice of the performance space,” that until recently was not covered by other protocols or vendors. “Once you have it, you can start deploying sensors widely for pennies, and it opens up a whole bunch of new use cases for a whole bunch of things,” he said.

So, of course, new and established companies are flocking to it. Baxley mentioned Sigfox, LoRa and NarrowBand IOT, but added that, “huge players like Comcast, Verizon and Orange have publicly announced they are getting into this space.”

Of course, enterprises are likely aware of their IoT devices that differ from the consumer market – Baxley mentioned the sensors that handle the physical security system, such as door locks, and said other automated systems include everything from forklifts to lighting to the HVAC environmental controls in a data center.

 

1  2  3  Next Page 

Sign up for Computerworld eNewsletters.