I’ve been watching all this coverage about the Superbowl and started thinking about how awesome technology is making the experience for fans. Both Levi’s Stadium and the NFL are forerunners in implementing modern technology, and what they’re building for Super Bowl 50, hosted in the heart of Silicon Valley, is impressive.
Every article I read brags about the 400 miles of cable at Levi’s Stadium that allows wired and wireless connectivity. There are 1,200 Wi-Fi access points. At WrestleMania 31 there were 76,000 connected fans who used 4.3 TBs of data. And the stuff fans can do now includes ordering food and drinks at their seats, purchasing fan gear, watching replays of the game, etc. It’s pretty awesome, and sure beats selfies.
IoT (Internet of Things) technology is also being used to provide security by having sensors monitor parking-lot traffic, scan bags as they go into the park, and even provide real-time physical security responses.
As I take a moment to put on my “bad guy” hat, all this tech makes me wonder…how crazy opportunistic it would be for hackers to run wild at Levi’s Stadium? And if there is one thing we know about hackers, it’s that they’re opportunistic.
There are 70,000+ high-rolling attendees connecting to a public Wi-Fi network, creating a rich target environment, to say the least. A hacker could conceivably bring a device into the stadium, or even just the parking lot, connect to the network and start trying to capture credit card info, usernames/passwords, or install malware. And I’m sure connected devices will be used to support a host of broadcast activities and other functions, too. The potential attack surface is going to be huge. Heaven forbid a hacktivist leverages a vulnerability to disrupt the Super Bowl, Lady Gaga or the onslaught of commercials in some way. There’d be riots.
The reality is that most companies designing purpose-built IoT devices are focusing on functionality and bandwidth—not security. They are trying to solve a specific problem or provide a specific function. Maybe those engineering teams are concerned with security, and maybe not, but it’s not their first thought. And even if they are concerned, they still may not know how to prevent security issues.
Additionally, I think the focus of the IoT technology for the Super Bowl in particular has been focused on physical security. Especially when you think about all the video cameras, parking sensors, badge scanners, etc. These are designed to make us safer, but what happens if they get hacked? We know firemen and police officers are doing disaster-response drills. But are there drills being done on how to respond to a cyber attack? Will it even be recognized if one is happening? I wonder if there will be a cybersecurity response team on site or at least somewhere?
Best case scenario, most corporations, if put in the situation of managing this load of BYOD (Bring Your Own Device) and IoT devices, should have basic monitoring; network access control capabilities that provides visibility into the devices, owners, and basic behavior of the users; and some way to collect this data, analyze it and take an action, like kicking folks off the network. And I also hope every device is still not utilizing its default password, and has been patched.
That goes for fans, too. They should make sure their devices are updated, and that they shut down network capabilities if not using them. And as tempting as it is, maybe don’t use the public Wi-Fi anyway, even if the line for garlic fries is sooooo long and it would be so much easier to order from your phone.
OK. I’m heading to the grocery store to stock up on adult beverages and bacon products in preparation of watching the game from the safety of my couch and at-home Wi-Fi.
Until next time,