The Office Coffeemaker Has Been Weaponized
An October surprise – a massive DDoS attack taking down some of the world’s most popular websites - has shown just how open “backdoors” into printers, webcams, and office phones can bring the internet to a crawl. Hackers now have both the path (through devices connected to “the internet of things”) and arsenal (malware known as “Mirai”) needed to beat domain name service providers into submission.
Right now, there is no rating system, no good housekeeping seal, no best practices to protect you from bringing one of these “weapons” into your office. That doesn’t mean you can’t take some steps to protect yourself.
Pwnie Express’s report, The Internet of Evil Things, provides insight on products that the IT professionals should be wary of. Using the report’s research and additional information from Pwnie’s researchers, we have five fast steps you can take to prevent your workplace devices from being unwilling soldiers in a botnet army:
Turn it Off.
Turn off these devices when you are not using them, especially on the weekend - it saves energy and minimizes your exposure to hackers.
Use It or Lose it.
Once the product is in your office, turn off the functions you’re are not using. Enabled functionality usually comes with increased security risks. Again, make sure you review that before you even bring the product into the workplace. If it’s already there, don’t be shy about calling customer service and walking through the steps needed to shut down any unused functions.
Change Your Passwords.
Even after you do that, you should still change the default password. Set up strong passwords – or passphrases, like a favorite song lyric (as long as you don’t mention what your favorite song is on Facebook or other social media pages).
Research Your Purchase.
Before you even buy a product, research what you are buying and make sure that you know how to update any software associated with the device. Look for devices, systems, and services that make it easy to update the device and inform the end user when updates are available.
Trust and Verify Every Device.
Be aware of the devices from brands known to have more vulnerabilities than others. Brian Krebs included a list of devices hit in a recent blog post. The personalization of (formerly) corporate hardware, including mobile hotspot vendors, is one of the top threats to network security. For example, in the 2016 Internet of Evil Things report, our researchers found some brands included more vulnerable hotspots than others:
There is no substitute for the help and guidance of a professional using the best equipment to detect hacker activity. However, until the cavalry arrives, you can take can some defensive measures to protect the devices in your office as well as those who bring their own devices and hook up to the network.