Thursday, January 26, 2017

FCC warns of national security risks from IoT, private networks

In Security we always say, your security is only as good as your weakest link, Let me introduce you to your weakest cyber security link, the Internet of Things or IoT. Let me explain how this works, or is working. You buy a cheap thermostat that allows you to control the temperature of your home or office, from your android or I phone. Now comes the start of the Espionage attack, the thermostat has a very small program inside it to allow all the communications to happen. the small program like most IoT devices has very little room for any security protocol's. So now all that security you put on your home or office computer network, is gone with a cyber attack on your neat whizzbang thermostat that you just had to have so you could control the temperature via your phone. Now that I have the password to your home or office router, I am into your system. But not only do I have access to your home or office network, I have access to your phone you used to check the temperature. Now this could happen to virtually any of your IoT devices, CCTV cameras, your Smart TV, your inexpensive router, or even your Smart Refrigerator or Smart Scale you use in the morning to check your weight. If you stop by your local hardware store, you can find IoT devices everywhere, from the Smart locks for your home or office, even the Smart light bulbs that allow you though your phone to change the light levels in your home or office. Now think, to make all these devices inexpensive enough for you to buy, they have very little in the way of security, and since they want anyone to be able to install them, they are made to link to your home or office network quickly and easily, which means even less security. Now your computer is compromised as well as your phone, so the bad guys have access to your bank codes, if you use your laptop to communicate with the office, or if you have a contract with the US Government, the bad guys now have your access codes to those computer systems as well. Your weakest link, is now the weakest link of one of our Government Agencies. All this because you wanted to change the temperature of your home with your phone. Chinese products like cheap CCTV cameras, have over 80% of the market share of cameras sold, they also have more security vulnerabilities built into them than any other product. China has built espionage back doors into a great number of them, if not all of them. Some act like the cheap smart phones the Chinese have flooded our markets with, and send messages like the codes to your routers out to specific collection servers both here and in China, the phones are known to send out messages every 15 min. One message they send are a list of all the IoT devices integrated into your home or office. Once they have these then even if you change the phone to a more secure one, they can still get back into your system. The USA Chamber of Commerce was hit a few years ago, and teams of Government Cyber Security Specialists came into to help them clean out the problems. It took a little time, but they thought they had them all, and left. Two weeks later the entire computer network was compromised again. The teams came back and spent even more time clearing out the system, in the end they found a Smart Thermostat and a cheap all in one printer where hard wired to leak router codes that let the Chinese back into the system. The thermostat was built in China, but the printer was not. Further testing of the printer showed the scanner assembly of the American printer was made in China, and that is where they hid another hard wired espionage device. As you read this article one thing will show up time and time again, and that is most of these vulnerabilities we have bought and brought into our homes and offices. All the bad guys have to do is exploit the vulnerabilities of our IoT weakest links.
from CTI Consulting

No comments:

Post a Comment