As technology advances, more facilities are utilizing web-connected devices to increase company efficiency. This new era of the Internet of Things (IoT) is quickly changing the way the food and beverage industry does business. But it doesn’t come without its drawbacks. Recently, the FBI issued a public service announcement warning businesses and consumers about how IoT devices pose serious security risks and can leave you vulnerable to malicious cyberattacks.
According to the FBI, deficient security capabilities and the difficulties in patching the vulnerabilities of IoT devices place users at risk. These factors, along with a lack of consumer security awareness, provide cyber criminals with opportunities to exploit these devices, allowing them to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information or interfere with physical safety.
The main IoT risks include:
- Exploitation of the Universal Plug and Play (UPnP) protocol to gain access to many IoT devices. UPnP describes the process by which a device remotely connects and communicates on a network automatically, without authentication. It is designed to self-configure when attached to an IP address, making it vulnerable to exploitation. Cyber criminals can change the configuration and run commands on the devices, potentially enabling them to harvest sensitive information, launch attacks against homes and businesses or engage in digital eavesdropping.
- Exploitation of default passwords to send malicious and spam e-mails or steal personally identifiable or credit card information.
- Compromising the IoT device to cause physical harm.
- Overloading the devices to render them inoperable.
- Interfering with business transactions.
Unsecured or weakly secured devices provide opportunities for cyber criminals to intrude upon private networks and gain access to other devices and information attached to these networks. Examples of such incidents include:
- Cyber criminals can take advantage of security oversights or gaps in the configuration of closed circuit televisions, such as the security cameras used by private businesses or built-in cameras on baby monitors. Many of these devices have default passwords cyber criminals know; others broadcast their location to the Internet. Any default passwords should be changed, and the wireless network should be protected by a firewall.
- Criminals can exploit unsecured wireless connections for automated devices, such as security systems, garage doors, thermostats and lighting, allowing them to obtain administrative privileges. With these, criminals can access a home or business network and collect personal information or remotely monitor the owner’s habits and network traffic.
- E-mail spam attacks are not only sent from laptops, desktop computers or mobile devices. Criminals are also using home-networking routers, connected multimedia centers, televisions and appliances with wireless network connections as vectors for malicious e-mail. Devices affected are usually vulnerable because the factory default password is still in use, or the wireless network is not secured.
- Criminals can also attack business-critical devices connected to the Internet such as the monitoring system on a gas pump. Using this connection, a criminal could cause the pump to register incorrect levels, creating a false gas shortage, allowing a refueling vehicle to dangerously overfill the tanks or interrupting the connection to the point-of-sale system, allowing fuel to be dispensed without registering a monetary transaction.
To defend and protect against attacks, the FBI recommends isolating IoT devices on their own protected networks, disabling UPnP on routers, purchasing the devices from manufacturers with a proven security track record and updating IoT devices with security patches when available.
“Consumers should be aware of the capabilities of the devices and appliances installed in their homes and businesses,” the FBI says. “If a device comes with a default password or an open Wi-Fi connection, consumers should change the password and only allow the device to operate on a home network with a secured Wi-Fi router.”