By 2020, the world will be home to 50 billion connected devices, the home of 50 billion – ready for hacking wearables and IoT devices. The Internet of Things is an alarming threat for enterprise environments, which are increasingly vulnerable to the smartphones, smartwatches, fitness bands and other connected devices their employees are bringing into their offices.
With five connected devices per person by 2017, the exponential rise of the Internet of Things (IoT) poses challenges for today’s security professionals who are responsible for the protection of individual devices, information networks and physical environments. The radio frequencies emitted by the ever growing IoT is diminishing “wired risks” and ushering in new, complicated and airborne threat vectors.
Founded in April 2014 by veteran Internet security executive, Chris Rouland, Bastille Networks is the first and only company to completely secure the IoT on corporate campuses by identifying airborne threats and allowing for preemptive response. Through its proprietary software and sensor technology, Bastille safely and privately scans a corporation’s air space, giving security personnel visibility into every RF-emitting device on a premise. As a result, companies can accurately quantify risk, mitigate threats and ultimately stop hacking wearables and IoT devices.
At the most complex level, Bastille’s ambient detection enables security teams to prevent RF data leakage by identifying airborne threats and flows. The patented solution also provides a complete, holistic solution with visibility into the location and movement of each wearables/IoT device – helping protect physical and human assets.
Sniffing radio-frequency emissions to prevent and protect – hacking wearables and IoT and monitoring the usual behaviour of IoT devices not only allow detection of malicious activity and help companies prevent the hacking but also helps in preventing other potential computer crimes by measuring in real time the typical radio-frequency signature of all the devices in an office—sensors, industrial control systems, employees’ phones, their fitness bands, Wi-Fi routers, and so on.
See below a nice and simple presentation by James Lyne the Director of Technology Strategy at Sophos on hacking IoT.
If anything unusual develops, because a sniffing device has been placed in the office, for example, or because someone appears to be remotely accessing an IoT connected device for malicious purposes, Bastille can tell the IT staff. Bastille has been testing its technology with some financial services companies since December 2014 and plans to make its technology available to other companies in late this year. (2015)
In the pilot test, CEO Chris Rouland says, the sensors are being placed in areas considered most important to secure, like data centres and executive offices.
Matt Reynolds, an associate professor at the University of Washington who researches radio-frequency technologies, says that one challenge in using radio-frequency monitoring is that not all devices advertise their presence by emitting signals. Some could be set to wake up only when triggered by an attacker. “The mere fact that the device is not advertising its presence doesn’t mean it’s not present and listening,” he says (see “Internet of Treacherous Things.”). “Just like the rest of the Internet, the advantage is on the attacker,” Reynolds says.
Source: WT VOX