IOT in corporate networks – current studies prove the danger

M.Sc. Moritz Gruber

IOT in corporate networks – current studies prove the danger

Smart heating controls and smart TVs have long since found their way into our private households. This trend is increasingly being adopted by the business community, resulting in a significant increase in the number of IOT devices in corporate networks. The latest studies by American security researchers shed light on their dangers.

The phenomenon described by the security researchers at Zscaler is called Shadow-IOT. Shadow IOTs are devices that reside on the corporate network but are not work devices, such as smart watches, smart TVs, home automation and others.

Study proves the danger of IOT in corporate networks

The security researchers who published the study operate a security cloud through which their customers can route all their data traffic. This traffic is analyzed by algorithms of the security experts for attacks and malware. The study described that the security researchers were able to identify 533 different IOT devices in corporate networks within the first 2 weeks of 2019.

In further measurements by Zscaler’s security researchers, IOT traffic in corporate networks increased 15 times. This shows all the more how current this development is and that it is not expected to decline in the next few years.

Dangers of IOT devices in company networks

This is also in line with our experience, during our pentration tests at companies. Also there we find from year to year more and more IOT devices which, mostly unpatched, are a great danger for the security of the company. The above mentioned study comes to the same conclusion, which in 2019 found about fourteen thousand malware attacks on IOT devices per month. This is a major problem, as many IOT devices in corporate networks are accessible from the Internet due to incorrect network settings. In combination with easily guessed passwords, attackers can easily penetrate the internal company network and steal data in this way.

There are, however, various technical and human possibilities to arm oneself against the danger just described.

Security of Internet of Things

One of the biggest problems of IOT devices in general are easily weak passwords. Therefore, one of the easiest ways to protect your passwords is to strengthen them. These should then be as random, long and complicated as possible, for example this procedure can be used. Another major problem is that many of these IOT devices in corporate networks are accessible from the Internet. This is often not done on purpose, as many IOT devices can be automatically connected to the Internet via UPNP request to the router. To solve this problem, the UPNP protocol should be deactivated in the router if this is not required.

Besides the technical security of IOT in company networks, it is always important to inform your staff about the latest developments. Therefore, since the beginning of 2020, AWARE7 explicitly offers live hacking for the topic Internet of Things. Further information can be found here.

Photo of author

M.Sc. Moritz Gruber

Web-Anwendungen sind mein Spezialgebiet. Meine Fähigkeiten konnte ich durch meine offensive Security Certified Professional (OSCP) Zertifizierung ausbauen. Dazu besitze ich die Weiterbildung als Informationssicherheitsbeauftragter nach ISO27001 (TÜV). Ich schreibe gerne über diese und andere Themen im Blog und im wissenschaftlichen Kontext. Mein Name ist Moritz Gruber und ich bin seit der Gründung der AWARE7 GmbH dabei.