Connected devices are everywhere and spreading at a tremendous rate. They are a massive benefit in many walks of life. Unfortunately, however, they can also prevent a huge risk to network security and, ultimately, our own physical safety.
Telford & Wrekin Council found that out the hard way this week, when it’s connected sign-boards in the town’s flagship development at Southwater was hit by hijackers.
From being interactive and informative displays, the giant boards ended up as a very large and very public platform for pornography! It’s unclear at this point whether they were hacked or infected with malware.
This is, of course, the very last thing that any council wants. And while the problem was apparently handled fairly swiftly, by disconnecting the offending devices, it raises huge issues.
Any network has vulnerabilities and requires careful thought and planning to ensure it is protected. This can be quite onerous on users, with passwords, restrictions, secure tokens and the like often demanded to ensure only authorised use. What this incident shows is that there should be no shortcuts in security.
All the way back in 2015 we highlighted the growing risk from “Internet of Things” (IoT) devices. Manufacturers began churning them out in all forms once the technology was ripe for public consumption, but they often skipped the security hardening. In many cases devices shipped with default passwords and ports that users were not forced to change, meaning many people just stayed with those defaults for ease of use – thus creating a rich playground for hackers.
Hijackers in your doorbell?
This problem is only going to grow as we add connected doorbells, home speakers, internet lightbulbs, wi-fi video cameras and even air quality detectors to our networks. Each poses a risk as an entry point to every other device on your network.
While business users might be more organised and cautious in introducing IoT devices (though not all will be!), the proliferation of such items in people’s homes creates a possible mega army of devices for attackers to infect and control. Once they have that network that can, and will, use it against businesses and national infrastructure.
Many a smile has been raised by the mishap in Southwater (unless you work in council IT…) because images of the unfortunate change of use were captured and widely shared on social media.
It raises huge questions about the rise of increasingly connected communities, operated by councils. Hackers could be getting into traffic lights, power supplies, alarm systems, communications and more.
This is a problem that needs investment and expertise now, because when those systems get hacked, it won’t be so funny.