Smart devices, devices that are connected to the internet, are here to stay creating a parallel internet of devices conencted to other devices that is called “The Internet of Things”.
But as more and more devices are connected to the internet (it’s already billions) what are the risks to security?
At first sight, it doesn’t seem likely that putting a smart security camera over the front entrance to your office is adding to risk rather than reducing it. But it may be.
The most obvious risk from devices like cameras that are connected to the internet is one of network security. Internet-connected devices may sometimes provide easy ways to penetrate corporate networks, especially if default passwords (often available online) are not changed.
This threat to network security is a big issue, but it is already well recognised by the IT industry. I’d hope your IT support already have a list of any devices other than computers that connect to your corporate network. It would be worth asking.
However, the threats go beyond network security.
If the security camera’s data is accessed by unauthorised people then this is a threat in itself. Often default passwords (easy to find on the internet) are left unchanged by the people installing them, making it relatively easy for hackers to take control of a device as well as downloading data from it. There are already instances of baby monitors being hacked, so why not an office or shop security camera?
What are the dangers here?
Combine camera data with facial recognition software and images on Facebook and you have in theory a way of identifying shoppers. If that data got into the public domain you have the potential for a breach of data protection laws.
Not that likely to happen though.
But what happens if I am not interested in shoppers generally, but I am interested in a few high profile individuals? Potentially it would be possible to get the images of senior people in a particular industry and then see who is visiting which suppliers or clients. That could be very valuable strategic information.
Alternatively security camera data could be used in phishing and pharming scams. Find out when and where members of a company go for lunch, send them emails saying they are due a free loyalty sandwich because they visited at a certain time, ask them to register their details, and take them to a site that downloads key-logging software …
Of course you could do this without accessing the security camera data if you wanted. But the beauty (if that’s the right word) of hacking an Internet-of-Things device is that you don’t have to be present and you can therefore target numerous organisations from the comfort of your own bedroom.
There are other dangers too. Security cameras remotely operated by criminals or hacktivists might pick up the details of confidential documents. Lighting and heating could be switched off remotely to cause business disruptions. Factory machinery could be compromised (think Stuxnet).
So far, there aren’t too many examples of remote hacking of internet connected devices (although smart refrigerators have been implicated in at least one “DDoS” attack on a website. But give it time.
How secure are your smart devices? Do you even know how many you have?