In my earlier posts, I talked about the presence of Internet of Things (IoT) devices being connected to the network just like the rest of an organization’s devices and computers. This homogenous approach to Network Access Control introduces many potential risks and doesn’t consider the exponentially increased attack surface these in-plain-sight, but out-of-mind, devices pose.
Krebs On Security published an article that described a Distributed Denial of Service (DDoS) attack these devices recently fell victim to. Interestingly enough, the source of that DDoS attack was a collection of botnets that were IoT-based. What that says to me is IoT devices are vulnerable just like the rest of a traditional IT network. In fact, due to the sheer pervasiveness of IoT in our everyday lives, it’s safe to say IoT devices may create even more vulnerabilities than a traditional IT network. I mean, think about it: you can’t walk into a Best Buy, or even a Home Depot for that matter, without seeing “Home Automation this” or “Smart lights that.” I’ve heard a myriad of numbers, but any way you slice it, there will be soon be tens of Billions (that’s billions with a “B”) of IoT devices deployed and connected, somewhere to something.
So, how did I get from my first blog focused on a small city or county building “somewhere in mid-America” (now I have The Counting Crows’ Omaha stuck in my head), to talking about Billions of devices connecting into this intertwined mesh of computing devices that are ripe for the picking/hacking? Simple, they are one and the same. Unsecured endpoints in any network creates significant vulnerabilities.