There has been an increase in warning from Security Experts regarding the lack of of adequate protection form the effects of hacks invoking SMART devices.
What Are SMART Devices?
SMART devices are connected to the internet, such as your TV, your NEST Thermostats, even Fridge Freezers and CCTV systems. These are every day devices that are now classed as “SMART” because of their internet access.
Because these items are “mundane” items, things that we would not necessarily account as security risks, unlike phones and computers, their often over looked in audits and security scans. But what these items allow, is connection to physical items. Hacking a PC is one thing, gaining access to your house CCTV or Thermostat is another risk, one that we should be more aware of.
But simply due to the fact they are on the internet, means that the hack may not effect you directly. Accessing them to create a “Bot Net” is another risk, where the hacker simply uses your systems to attack a 3rd party.
No Universal Standards?
One of the major issues regarding new technology, is the slow up take of a standard. Normally they fight it out among themselves, until a group agrees to go in one direction. Even so, there will often be ones which refuse to accept these standards. Right now, the SMART items, don’t follow a universal standard. Each one has its own unique way of connecting to the internet and doing what it needs to do. With no standard, it becomes increasingly difficult to organize their security.
What Does This Mean For Your Business?
As is standard for most common security audits, usernames and passwords should be changed for all devices that connect to the internet. Default user names and passwords are an instant fail for many audits.
Microsoft has also compiled a checklist of security best practice. This highlights the different areas of security that need to be addressed by the organisations involved throughout the lifecycle of an SMART system e.g. manufacturing and integration, software development, deployment, and operations.