Preempt Blog

The latest insights and advice to keep your company protected from insider threats and breaches

IoT Futures – What’s with all the trust?

This last week of Cybersecurity Awareness Month in the US is supposed to prompt us to look at the future of connected devices. Two emails this week stuck out for me on the topic, and I’ll look at them in reverse order for dramatic emphasis:

First – a Bluetooth speaker in your shower. I’m nearly speechless here. I’m generally against anything that can be on the network that is remotely connected to people not wearing clothes. Why? Let’s go back to the blog on how anyone can hack your smart devices through Bluetooth, and hackers are finding new ways despite the laudable attempts to make the wireless interface more locked down.

Why does this matter? Well, do you REALLY want the world knowing when you’re in the shower? If I were a savvy future burglar-hacker, I’d be delighted to know precisely where everyone was in a smart house. I see Bob is in the shower while Sally is in the kitchen playing with the Instant Pot. Or I see through their network CCTV system that the family is off on a picnic. Perfect time to reach in through the library window and steal that laptop!

And then there’s the ransomware – some clever person figured out how to compromise an espresso machine. I don’t know about you, but I do NOT need to figure out how to buy and pay a Bitcoin at 8 am in order to secure a cup of coffee. And say I do – I equally do not need the Treasury Department getting mad at me for paying money to a foreign agent. They have a lot of “don’t pay ransomware” advice.

It’s true that in a lot of this IoT device-buying frenzy I get a very dark view of what is possible because I’m paid to think like a hacker. Corporations are just starting to adopt Zero Trust strategies that protect their organizations from many forms of ransomware and lateral movement through the environment. I foresee the future of this kind of investment becoming part of the commercial smart device packages over the next couple of years as consumer security catches up with enterprise security. However, it’s not there yet, so I personally won’t be buying a smart appliance outside of the wiretap that gives me pancake recipes.

Although… oh Alexa, I can never stay mad at you when you act as my kitchen timer and let me play Jeopardy at the same time. But I don’t ever use you to order things, and frankly, I monitor my credit card web page weekly. Trust no one and no device. The price of smart devices is eternal vigilance.

 

Topics: Hacking, October Cyber Security Awareness Month, Zero Trust

Posted by Jeannie Warner on October 29, 2020 6:50 PM
