IoT a headache for IT in the age of 5G
A new generation of connected devices must be factored into security considerations at home and in work, says Jason Walsh
27 October 2021 | 0
The rush to enable remote working in March 2020 understandably led to some rather loose interpretations of security policies, but a year and a half later, even as ad hoc arrangements are being formalised, a threat persists in the form of connected Internet of Things (IoT) devices so seemingly innocuous that they barely get a second thought.
Some, principally in industrial applications, provide useful core data for businesses. Others are a little more dubious. Any who doubt the proliferation of IoT devices need only look at the @InternetOfShit Twitter account and marvel at the range of devices uselessly given MAC addresses.
More are on the way, too: the rollout of 5G networks will see ‘smart city’ projects mushroom. Even if autonomous cars, first tested in 2005, remain some way off, high-speed, low-latency networks will kickstart a revolution in edge processing applications – and in the devices doing the processing.
Just what is in these devices is a major issue. Digital sovereignty has now made it to the diplomatic top table with a diverse cast of characters raising concerns: both former US president Donald Trump and his successor, incumbent Joe Biden, placed restrictions on Huawei, while French president Emmanuel Macron, increasing his country’s research budget, has stressed the importance of the EU developing its own technology. Disquiet exists even among friends: Britain has raised the alarm on the sale of Arm Holdings to US chip giant Nvidia.
Beyond the possibility of phone-home firmware slipping into corporate networks, a more immediate concern is consumer-grade devices where the use of cheap components, driven by razor-thin margins, means devices are often unsecured or left unpatched as support disappears along with the manufacturer.
Recently published research from Palo Alto Networks found a wide array of curious computers were turning-up for work alongside staff: 78% of respondents who have IoT devices connected to their network reported an increase in non-business IoT devices on corporate networks in the last year.
The report said the unlikeliest of devices, from treadmills to automated pet-feeders, were logging in. It also found 78% of IT decision-makers reported an increase in IoT security incidents.
IoT devices are often seen as having low computational power, but this is neither necessarily true nor the issue: poorly secured or unsupported devices create a vector for attack.
“Bad guys are using ML and bots. They’re leveraging the same technologies as the organisations are using to stop them. All these guys are trying to do is leverage some way into an organisation,” said Palo Alto Networks’ Ireland country manager Paul Donegan.
Obviously, the threat is most severe with remote workers, and education is needed on what should and should not be connected as well as router tactics such as network segmenting, he said.
“It just doesn’t make sense [but] it comes back to education. For example, I have my work laptop and other work devices connected separately from everything else,” said Donegan.
Nonetheless, IoT devices are also finding their way into offices. Just think of the proliferation of smart TVs or the existence, for some reason, of connected light bulbs. Every other IT purchase has to be made on the basis of a business case, so perhaps replacing them with ones that don’t feature quite as much silicon would be a bright idea.