Smart home devices aren’t just for the home. Businesses are inviting more and more internet-connected devices into their offices and buildings as well. While the technology may simplify some tasks, security experts warn that the Internet of Things is also opening companies up to more security threats.
Cybersecurity firm Trend Micro recently released a new report that shows how smart home devices can expose companies in unexpected ways and create new points of entries for attackers. According to the firm, there are three primary categories of automation systems that are used by companies: Local stand-alone servers, cloud-based servers, and virtual assistant-based servers. All three present unique challenges to secure, lest you leave yourself open to a potential attack.
To track the threat, Trend Micro researchers set up 100 connected devices in two sites to see how security lapses develop. What they found were the more devices and actions that are added to a network, the more complex the system becomes and the more prone to errors it is. With the introduction of smart home devices like smart speakers and other voice-controlled appliances, the threats become even more challenging to account for. An attacker could theoretically clone a person’s voice and issue commands, add a “phantom device” to fool smart locks and other security systems and even inject a bug that could shut off internet-connected alarms.
An attacker could find unsecured devices within a work environment by using Shodan, a search engine that shows exposed internet-connected appliances. By finding one device that lacks proper security, an attacker could target it and gain wider access to a business’s network. Something as simple as a smart speaker with a weak password could result in a hacker gaining access to sensitive information.
“IoT devices, their uses and the environments in which they are used have all gotten more complex very quickly, but security is still not built into these devices,” Greg Young, vice president of cybersecurity for Trend Micro, said in a statement. “Today, personal and corporate data may cross many routers, an IoT control, various IoT protocols and more all within a day’s work. This creates an ideal situation for criminals — why attack a robust enterprise when the remote worker’s smart home is exceptionally vulnerable.”
For businesses bringing smart home devices into the workplace, Trend Micro recommends taking the following steps to assure the internet-connected product won’t expose any sensitive information: Enable password protection and pick a safe and unique password, change any default settings, don’t use any unverified third-party apps, keep firmware up to date, enable encryption when possible, and make regular backups.
