{"id":15056,"date":"2015-03-12T17:05:51","date_gmt":"2015-03-12T17:05:51","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=3699"},"modified":"2020-02-26T18:53:17","modified_gmt":"2020-02-26T16:53:17","slug":"internet-of-crappy-things-from-a-business-angle","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/internet-of-crappy-things-from-a-business-angle\/15056\/","title":{"rendered":"Internet of crappy things, from a business angle"},"content":{"rendered":"<p>The world of ubiquitous connected devices is almost here, and it\u2019s so eagerly anticipated that it becoming a reality seems inevitable. Anticipation, however, doesn\u2019t necessarily mean that we are going to have a good time with internet of things. As a matter of fact, every \u201cparadigm shift\u201d of such a global scale brings troubles, unless the appropriate preparations have been made. With IoT it doesn\u2019t seem to be the case: As Alex Drozhzhin at Kaspersky Daily blog <a href=\"https:\/\/www.kaspersky.co.za\/blog\/internet-of-crappy-things\/\" target=\"_blank\" rel=\"noopener\">wrote<\/a>, \u201cThere is a flood of appliances which could be connected \u2013 and some are connected \u2013 without a second thought as to whether or not it\u2019s necessary. Most people barely give a second thought that a hack of a smart-connected appliance could be dangerous and a lot more threatening than a simple PC hack.\u201d<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Internet of crappy things, from business angle #IoT #protectmybiz<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FxGR9&amp;text=Internet+of+crappy+things%2C+from+business+angle+%23IoT+%23protectmybiz\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>In other words, more and more appliances of various kinds arrive \u2013 home electronics, health care devices, even car washes \u2013 equipped with Internet-enabled smart control systems, and they\u2019re remotely hackable.<\/p>\n<p>The situation is pretty clear (or, rather, pretty clearly bad) with home appliances: check out the <a href=\"https:\/\/threatpost.com\/david-jacoby-on-hacking-his-home\/108517\" target=\"_blank\" rel=\"noopener nofollow\">already-famous report by David Jacobi<\/a>\u00a0 about how easily he managed to hack his own smart home to shambles. What about the business angle? The implications are serious and can get ugly.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">A fascinating story how <a href=\"https:\/\/twitter.com\/JacobyDavid?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@JacobyDavid<\/a> hacked his smart home <a href=\"https:\/\/t.co\/ckTyeMVLUp\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/ckTyeMVLUp<\/a> <a href=\"http:\/\/t.co\/q4LiqsBnA4\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/q4LiqsBnA4<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/515189019617918976?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 25, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><strong>When a coffee machine gets ear to hear<\/strong><\/p>\n<p>Here\u2019s one scenario: a coffee machine serving a meeting room, where the most confidential information is shared between people. It\u2019s okay if this is just a \u201cdumb\u201d devices, operated with buttons and tumblers, and all it can do is blend the coffee beans then add boiling water and sugar, and fill the cups. But then let\u2019s imagine it is \u201csmart\u201d, i.e. it is WiFi-enabled and voice controlled. \u201cVoice controlled\u201d means that it has a microphone built-in. WiFi-enabled means that it is a) connected to a local corporate network, b) can receive and, most likely, send data, c) remotely hackable if there are flaws in the firmware and the network isn\u2019t protected well enough. And given all this, is it possible such a smart coffee machine could end up a cyberespionage device one day? It is absolutely possible \u2013 unless there are \u201cdraconian\u201d measures applied by the firmware writers to make it impervious to remote hacks.<\/p>\n<p><strong>Background check<\/strong><\/p>\n<p>Actually every \u201csmart\u201d appliance that has functionality to receive data input \u201cin background\u201d \u2013 smart TVs, and any other device with cameras and microphones \u2013 can be used for spying (and occasionally such incidents have\u00a0<a href=\"https:\/\/business.kaspersky.com\/internet-of-things-vulnerability-and-security\/1471\" target=\"_blank\" rel=\"noopener nofollow\">already happen<\/a>). Recent APTs routinely use notebook cameras to take pictures of the environment without users\u2019 knowledge and consent. One can say that it is computers, and not smart devices, but in fact any smart appliance becomes a full-blown computer with the same possibilities and lack of security as its \u201ccommon\u201d brethren. Remember the <a href=\"https:\/\/business.kaspersky.com\/internet-of-things-vulnerability-and-security\/1471\" target=\"_blank\" rel=\"noopener nofollow\">spamming fridge<\/a>?<\/p>\n<p>In the post linked above we wrote about yet another scenario: attackers remotely disable a climate control system at a facility with strict temperature control rules (thus blinding IR security cameras, for instance) or switch off \u2013 again, remotely \u2013 the alarm system in an office building or bank. Then armed men in ski masks come in.<\/p>\n<p><strong>As strong as the weakest point\u00a0<\/strong><\/p>\n<p>Every interconnected system is as secure and reliable as its weakest point. Every new smart device added to a given network is a potential entry point for people with malicious intent. Especially given the fact that the users of \u201csmart\u201d devices often neglect checking the settings, leaving the default ones set (which is a blatant violation of cybersecurity basics). It\u2019s like leaving the keys for the super-secure bank vault at the bank\u2019s doors under the rug.<\/p>\n<p>Vendors of smart appliances are clearly interested in adding functionality (and thus adding value) to their devices. They may be \u201csmart\u201d, they may be convenient to use, and just cool to have. But are they secure enough? Not necessarily.<\/p>\n<p><strong>Presumption of guilt<\/strong><\/p>\n<p>\u201cIn general, the problem is that those who develop home appliances and make them connected face realities of a brand new world they know nothing about. They ultimately find themselves in a situation similar to that of an experienced basketball player sitting through a chess match with a real grand master,\u201d Drozhzhin wrote. Users may also be clueless about the hidden threats that smart devices may pose, \u2013 for them a fancy voice-controlled coffee machine is still a coffee machine, not a ready-to-settle \u201cnest\u201d for cyberspies.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Developers and users should better look into the security of #IoT devices #protectmybiz<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FxGR9&amp;text=Developers+and+users+should+better+look+into+the+security+of+%23IoT+devices+%23protectmybiz\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>And this means that developers of the home and business-oriented smart appliances must take a better look at how secure (or, for now, insecure) their firmware is, while the businesses who deploy such devices in their own networks, should keep them in check, in \u201cpresumption of guilt\u201d mode.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The world of ubiquitous connected devices is almost here, and it\u2019s so eagerly anticipated that it becoming a reality seems inevitable. Anticipation, however, doesn\u2019t necessarily mean that we are going<\/p>\n","protected":false},"author":209,"featured_media":15731,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3021],"tags":[],"class_list":{"0":"post-15056","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/internet-of-crappy-things-from-a-business-angle\/15056\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/internet-of-crappy-things-from-a-business-angle\/15056\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/internet-of-crappy-things-from-a-business-angle\/15056\/"}],"acf":[],"banners":"","maintag":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/15056","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=15056"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/15056\/revisions"}],"predecessor-version":[{"id":26495,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/15056\/revisions\/26495"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/15731"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=15056"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=15056"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=15056"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}