Connected Crisis: How a WIFI Thermostat Hijacked a Corporate Network
Download MP3Here's a topic we've covered a few times in the past, but this is an interesting spin on it. This comes from the Cyber Security Hub, where they talk about smart devices on your network. Most people have very strict intentions about wanting to protect their computers and cell phones from hacking, viruses, or cyberattacks. But consider the other devices that are within your network, even something as simple as a Wi-Fi router. That router connects to your internet and connects to your network so that it's a portal where people can attack it.
We have a client where the attack that came into their network actually came in through a wireless smart thermostat. It was a device that was in the office that covered or controlled their heating and cooling system. It was something where it automatically turned on and off based on a certain time of day, but it also had a Wi-Fi connection and a hardwired connection to their network. So that when their office opened up for the week, it noticed when people came in the door, when computers turned on, and raised or lowered the heat accordingly. There was also part of the programming for this Wi-Fi thermostat to be able to detect the number of people that were logged into systems so that it could put a certain amount of heat load into the programming for this system.
Now, you probably have antivirus software or protection software on all your computers, but your Wi-Fi thermostat is probably not a device you think of protecting. But because it's connected to the internet, a hacker was able to get into it. Because it is connected to other computers, they use it as a vector to get usernames, passwords, and logins for some of these computers. That was their entry point. Anything that is a device connected to the internet or to your Wi-Fi network is a potential portal. It's kind of like if you lock all the doors and windows to your house, but you have a dog door that is open, somebody could crawl through it. Still, it doesn't lock your house. That's what this device did. So keep track of all your smart devices, even things like garage door openers, lights, or any kind of automation you have. Smart devices are all potential threats, even the word smart. If it's smart enough to control your network, it's also smart enough to do damage if somebody else gets a hold of it. That's not the person that you want to trust with your computer access.
