IoT: The Terrifying Threat to Business Cybersecurity

Here at Interplay, we focus on maintaining business cybersecurity day in and day out, and we’ve solved a lot of weird cybersecurity problems. Sometimes, however, we run across something in the news about IT security that just makes us shake our heads in wonder – and usually, such jaw-dropping news stories have to do with unsecured IoT devices.

You gotta hear this story.

Nest Home Surveillance System Threatens Nuclear War

Here’s the setup: Linda Lyons in Orinda, California (east of Berkeley, and incidentally, the second-most friendly city in America) was cooking for her family on a laid-back Sunday afternoon when she was suddenly interrupted by horrifying news.

She heard an emergency broadcast alert blare out from her living room, along with an announcement that the United States had retaliated against Pyongyang, North Korea, and that North Korea had launched three intercontinental ballistic missiles that were heading for LA, Chicago, and Ohio.

According to the announcement, people in the affected areas had only three hours to evacuate. From here, we have to quote The Mercury News, which ran the story and really highlighted the scene quite well:

“Lyons and her husband stood slack-jawed in the living room, terrified but also confused because the television continued airing the NFC Championship football game. As their scared 8-year-old son crawled underneath the rug, the couple realized the apocalyptic warning came from their Nest security camera atop their living room television.”

After finding out that the news was coming from their Nest device, they called 911 and Nest to get answers. They found out they had been hacked.

(We’re assuming that, at that point, the Lyons’ kid finally came out from under the rug.)

What the Heck Happened?

The Mercury News story clarifies that Nest was not breached in the attack, but that the device itself was hacked. How? Because the Lyons family neglected to follow (or were unaware of) password best practices for their Nest surveillance camera, which meant they were vulnerable to malicious hackers.

We’ve mentioned password security before on this blog (a lot), but we can’t stress enough:

Secure passwords are really, really important.

Other Nest attacks include the story in which a hacker infiltrated a baby monitor in Houston and threatened to kidnap the child, and the story about a Canadian hacker who breached a Nest system in Arizona so he could teach the owner how to secure the system. (That sounds a lot like the PewDiePie printer hackings.)

A recent study on Nest security said that “the problem most often lies in how the devices are configured and used in the smart home, especially in terms of setting the account password” (emphasis ours).

The Problem Isn’t Nest, It’s IoT Cybersecurity Practices

Last month, we talked in depth about IoT security (or lack thereof), and how IoT is being brought into your workplace and endangering your network security. IoT, or the Internet of Things, consists of internet-connected devices that share data back and forth, like smartwatches, smart TVs, FitBits, smart fridges, Amazon Echo or Google Home devices, those Philips Hue light bulbs, and, of course, Nest thermostats and surveillance cameras.

Unfortunately, since IoT devices are typically developed for consumer use instead of business use, cybersecurity is a secondary (or non-existent) concern for the products’ developers. Even if the manufacturer has put good security in place for its device, consumers still need to bolster cybersecurity with good password practices.

Having a home network breached is bad enough (especially if the cybercriminal infects your home network with ransomware instead of pranking you with nuclear threats) but having your business data breached — for any reason — can be an absolute disaster.

You might face non-compliance fines, you might suffer reputation damage after disclosing the breach, you might be on the hook for legal fees, or you might experience all of that.

Take it from us: you don’t want to deal with lax IoT cybersecurity fallout.

Here’s the best way to avoid issues.

How to Protect Your Business’s Cybersecurity

Adwait Nadkarni, an assistant professor of computer science and the lead investigator behind the Nest security study we mentioned earlier, said the main problem of IoT hacks comes from people’s habit of recycling the same passwords for all (or many) of their online accounts.

As Nadkarni states, “If even one of the services is compromised, the attacker can use the password to gain access to everything else.” He recommends (as do we), “…using a password manager to use different passwords for all services and enabling 2-factor authentication.”

In other words, use unique, hard-to-remember passwords for every online account you have and store them all in a password manager like Dashlane or LastPass.

As we mentioned at the beginning of this article, we run across truly surprising cybersecurity problems every week. Here’s the thing, though: many of the issues we deal with can be easily prevented.

To protect your own systems:

  • Make sure you apply security patches quickly
  • Back up your data regularly and test your backups
  • Use unique passwords and enable two-factor authentication whenever possible
  • Carefully identify and track all IoT devices connecting to your system

Sound like a lot of administrative hassle? A good MSP can take care of all those boring yet important tasks for you, so you can avoid business cybersecurity problems.

Choose Interplay, Seattle’s Cybersecurity Experts

Since 2001, Interplay has been dedicated to securing Seattle’s business IT systems. In our current age of questionable cybersecurity and constant hacking attacks, our clients have, time and time again, defended their systems from cyberattacks and cybercrime because they have a reliable, detail-oriented IT team that gets hands-on with protecting IT around the clock.

Can you say that you have that same level of security at your business?

Learn how easy it can be to improve cybersecurity so you can avoid surprising and terrifying IoT attacks (and more) at your business when you contact Interplay.