As buildings and homes are more connected, enterprise businesses face new physical and data security threats
Trend Micro announced new research revealing that internet of things automation platforms in smart buildings are presenting attackers with new opportunities for both physical and data compromise.
The findings have serious implications for organizations operating inside smart buildings, including spying on users, unlocking doors and stealing data, the company said.
The new report warns that automation platforms are increasingly being used to chain multiple devices together to create user-friendly smart applications. This inadvertently creates new and unpredictable attack surfaces that can be hard to manage, Trend Micro said.
“IoT devices, their uses and the environments in which they are used have all gotten more complex very quickly, but security is still not built into these devices,” said Greg Young, vice president of cybersecurity for Trend Micro. “Today, personal and corporate data may cross many routers, an IoT control, various IoT protocols and more all within a day’s work. This creates an ideal situation for criminals – why attack a robust enterprise when the remote worker’s smart home is exceptionally vulnerable.”
Researchers found the biggest issue with automation rules is that they become increasingly complex as more devices and actions are added. They are prone to logic errors, and it becomes more challenging to manage, track, and debug actions, especially if there are functional overlaps between rules, Trend Micro said.
The research reveals a variety of new threats specific to complex IoT environments, including: cloning a user’s voice to issue commands via a voice assistant speaker; adding a phantom device to fool presence detection checks in smart locks to keep doors unlocked; inserting logic bugs to switch off smart alarms and more.
The research also warns that many IoT automation servers are exposed on the public internet, including 6,200 home assistant servers found via a simple Shodan search. Attackers could exploit this security oversight to break into smart buildings, or reprogram automation rules, steal hardcoded sensitive data including router log-ins, add new devices, infect devices with malware, and conscript devices into botnets.
Trend Micro recommends a list of precautionary measures to help mitigate the new threats presented by complex IoT environments, including enabling password protection; changing default settings; not jailbreaking devices or installing applications from unverified third-party marketplaces; updating device firmware; enabling encryption in both disk storage and communication platforms; and making regular backups of the configuration and automation rule files of your IoT automation server.