In most offices – ours included – the coffee maker is standard operating equipment, and the biggest hazard it poses is running empty before the caffeine-dependent among us are fully awake.
But this recent post caught our attention and raised our awareness of the threat posed by Internet of Things (IoT) connected devices. The pros at Professional Security Magazine put their skills to work hacking a “smart” coffee machine.
A smart coffee machine may sound fairly innocuous, but it’s not. The risks of a compromised device stretch far beyond a subpar cup of morning joe. Compromised connected devices can open up networks and all devices associated with a network to all manner of risk.
In 2016, hackers were able to launch a DDoS attack that took down sites like Twitter, Spotify, Reddit and more by infiltrating and compromising networks through connected devices like DVRs, baby monitors and IP cameras.
Let’s go back to that coffee pot.
The white hat hackers at Professional Security Magazine were able to manipulate the coffee machine itself to do some fairly annoying and perhaps even dangerous things.
“We infiltrated the coffee maker via Wi-Fi, then set up malicious software updates that made the coffee maker do unexpected and potentially dangerous things. We made the burner overheat, potentially starting a fire. We made scalding water pour onto the burner. We even made the coffee maker send ransomware messages demanding payment,” they said in the post.
But the hacking had more serious and sinister implications. The compromised coffee machine was now a gateway to the network. Hackers would be able to see emails and payment information on purchases made online. They would be able to get into security systems, see video cameras, and muck around in other sensitive places.
The proliferation and utility of IoT devices mean they are here to stay. At ECT Services, we certainly believe in the power and potential of integrated systems.
So what can you do to safeguard your home and business? Here are a few tips:
Keep connections minimal. Only network devices and connect them to the internet when necessary, and in those circumstances work to minimize exposure and secure connections. If a device needs internet access, understand how it needs to be accessed and take steps to protect remote access channels. One example would be to require use of VPN-type services.
Don’t reuse passwords, especially on your network or wireless router. Remove or disable default accounts if possible, and always change default account passwords using strong password standards. Use two-factor authentication if a product or service allows it.
Know what’s connected. Understand all the devices connected to your network, and why they must be connected. Keep an inventory and audit regularly.
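One way to run the regular audit described in the last tip, as an added example that is not from the original post: compare a DHCP lease list with the approved inventory and report unknown, missing and renamed devices. The inventory, the lease lines (assumed to be in dnsmasq's lease-file layout) and every device name are constructed for illustration.

```python
import re

# Approved inventory (constructed sample): MAC -> (name, why it must be connected)
APPROVED = {
    "3c:5a:b4:10:22:01": ("front-desk-pc", "staff workstation"),
    "b8:27:eb:45:9a:02": ("door-controller", "access control"),
    "00:1a:2b:3c:4d:03": ("lobby-camera", "video surveillance"),
}

# Constructed sample, assumed dnsmasq lease layout: expiry MAC IP hostname client-id
LEASES = """\
1718000000 3c:5a:b4:10:22:01 192.168.1.20 front-desk-pc *
1718000300 B8:27:EB:45:9A:02 192.168.1.31 door-ctl-new *
1718000600 a4:cf:12:77:0e:99 192.168.1.57 smart-coffee *
1718000900 da:a1:19:3f:20:7c 192.168.1.58 * *
truncated-line
"""

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def parse_leases(text):
    """Return {mac: (ip, hostname)} for each well-formed lease line."""
    seen = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and MAC_RE.match(fields[1].lower()):
            seen[fields[1].lower()] = (fields[2], fields[3])
    return seen

def is_randomized(mac):
    """Locally administered bit set: likely a randomized (private) MAC."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(approved, seen):
    """Compare what is on the network with what the inventory says should be."""
    # Unknown devices carry a flag showing whether their MAC looks randomized.
    unknown = {m: v + (is_randomized(m),) for m, v in seen.items() if m not in approved}
    absent = {m: v[0] for m, v in approved.items() if m not in seen}
    renamed = {m: (approved[m][0], v[1]) for m, v in seen.items()
               if m in approved and v[1] != approved[m][0]}
    return unknown, absent, renamed

if __name__ == "__main__":
    results = audit(APPROVED, parse_leases(LEASES))
    for label, found in zip(("UNKNOWN", "ABSENT", "RENAMED"), results):
        for mac, detail in found.items():
            print(label, mac, detail)
```

A MAC match is not proof of identity, since addresses can be changed, so treat each finding as a prompt to check the physical device.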
At ECT Services, we approach smart devices very carefully and custom-tailor solutions to meet your security needs. Contact us today at (800) 567-1180 for a consultation about your building security and integration.