Pandemic IoT increasing supply-chain vulnerabilities
The technological landscape is ever changing. Global events like COVID-19 can rapidly change the way we interact with technology. The rise of the Internet of Things (IoT) during the pandemic created new access points for attackers to access our networks and personal information. The result is potential new weaknesses in supply chains.
Without the right tools, it can feel like new vulnerabilities are constant and true security is unattainable. Luckily, Hadrian is ideally positioned to support customers. Hadrian helps protect customers against new vulnerabilities by proactively adapting to changes and providing detailed insights into how systems work.
Supply chain attacks happen when an attacker uses an outside partner or provider to gain access to an enterprise system. A chain reaction triggered by one attack on a single supplier can compromise an entire network.
In 2018, the personal information of thousands of customers using Ticketmaster UK was compromised due to an attack that targeted third party code. Ticketmaster was using a plugin from a third-party supplier on its payment pages. The plugin was infiltrated using malicious software resulting in customer information being compromised. With the expansion of IoT during the pandemic supply chain attacks are more commonplace
Hackers get into supply chains in a multitude of ways. Practices include injections of malware and ransomware, phishing scams, where individuals are manipulated into giving information, and the creation of counterfeit hardware parts. A particular vulnerability is the growth of the Internet of Things.
What is IoT and how does it work?
The Internet of Things is a system of connected devices which transfer data to each other over a network without requiring human interaction. IoT examples include devices like smart refrigerators, smart locks, and smart lighting which the average consumer may have in their home.
As more IoT technologies are connected to the network and more information is shared between devices, access points for hackers increase, and your attack surface expands. Dependence on IoT opens up organisations to more third-party vulnerabilities. One device being compromised can open up the entire network to attack, making IoT security increasingly important.
IoT has often been used in healthcare, meaning IoT data is often sensitive. For instance, wearable devices monitor vital signs and environment by tracking movement and activity. When COVID-19 came onto the scene in 2020, many experts turned to IoT for solutions. In 2020, 84% of businesses claimed IoT was essential for their survival during the pandemic. DCMS found that almost half of UK residents had purchased at least one smart device since the start of the outbreak.
IoT based projects have been beneficial during the pandemic. For instance, touchless hand disinfection machines which dispense hand sanitiser are all around us. Touchless hand sanitiser stations record and upload data track hygiene practices. Others use smart-control methods, including IoT sensors, to limit sanitiser waste.
As well, COVID tracking constitutes 14% of COVID-19 IoT projects. If you’ve interacted, or uploaded personal information to an app that records statistics or maps outbreaks you’ve interacted with IoT. Despite the importance of pandemic IoT in everyday lives, the quick adoption by so many users has created many vulnerabilities. The extent of these vulnerabilities has only recently begun to be measured.
Devices like coronavirus doorbells, which detect people with high fevers outside your home, have also come on the market. These devices contain a host of potential security breaches. Smart doorbells have a history of being compromised. In smart doorbells manufactured by Qihoo, covert DNS channels were used for malware delivery. Digital lock picking has also been used to access passwords on mobile applications used to control the digital doorbell devices. Although IoT devices can be extremely helpful it’s important for developers to be aware of these potential difficulties.
How Hadrian helps with IoT security
IoT security is possible and there are solutions which protect your organisation while allowing you to benefit from IoT. For instance, it is important to make sure that networks IoT devices connect to are protected from infiltration. Through proactive scanning and the collection of real time data Hadrian helps to map your attack surface and identify such vulnerabilities.
The way IoT interacts with company networks is best thought in terms of layers. The first layer is your company’s network, this is connected to the cloud via a firewall. The firewall is a piece of software that monitors the traffic between the company network and the cloud. Firewalls are typically used to block incoming requests.
Hadrian focuses on that first layer. Hadrian's automated system finds ‘holes’ in firewalls that may be allowing requests containing potential threats. For instance, applications with unauthorised access which also contain vulnerabilities. By scanning and identifying threats Hadrian limits the ability of attackers to access any data stored on IoT through companies’ networks.
The second layer - the IoT - is behind this first layer. IoT devices tend to have their own operational technology networks that are separate from the company network. However, they can pass information on to the company network and it is this part of the system that Hadrian proactively protects.
When Hadrian looks for holes in the first layer it also sees the layers behind it. Hadrian collects real time data which can identify if there’s a leak in one of the IoT devices contained in the second layer. By identifying the leak, Hadrian identifies if an access point allowing connection to an enterprise’s network has been created. If one of the IoT devices was able to pass along a piece of malware Hadrian could detect that too.
As supply chain attacks become more common it is important for organisations to pay attention to what is connecting to their network. The potential for IoT technologies to increase supply chain vulnerability should not deter organisations from capitalising on the benefits of IoT. Hadrian’s innovative solution offers organisations a way to protect their networks without shying away from the benefits of IoT.