Report: Smart Buildings at Risk for Hackers

Internet of Things (IoT) automation platforms are becoming more common in houses, apartments and commercial real estate buildings. Thanks to advances in technology, “smart buildings” do everything from turn on lights, to arm security systems and manage computers.

However, the IoT platforms are also presenting cyber attackers with “new opportunities for both physical and data compromise,” according to a press release from Trend Micro. The company recently issue its “Securing Smart Homes and Buildings: Threats and Risks to Complex IoT Environments,” which indicated that attackers can take control of complex IoT environments — CIEs — and to everything from secure entry into a house, to issue commands to virtual assistants, to steal information.

Furthermore, an attacker “can monitor activity within the home or building through sensors, cameras and any other devices capable of collecting information from its surroundings,” the report noted. The way in which hackers and attackers can do this is by tampering with logic and/or rules inherent in the automation server, which connects the devices. With the CIE consisting of at least 10 IoT devices that are functionally chained together and integrated into an environment supported by the automation platform, a hacker can create a great deal of mischief and harm to a home or building environment.

Trend Micro suggested the following to discourage potential hackers and cyber intruders via IoT automation platforms:

• Enable password protection on devices such as smart phones, tablets, webcams and computers.
• Replace default passwords with strong passwords. “Users routinely do not change the factory default passwords on their devices, and these . . . passwords can be easily discovered using any internet search engine,” the report said.
• Do not jailbreak or root devices. “Jailbreaking” refers to the process of removing manufacturer or carrier restrictions from iOS, while “rooting,” an Android device gives the user access to an entire operating system. Either method can disable built-in security systems which, in turn, makes it easier for attackers to compromise devices.
• Do not install applications from unverified third-party marketplaces. Apps installed from such sites can have backdoors built into them, that hackers can use to steal personal information, or even take control of the device.
• Follow router-specific best practices, which include enabling the router firewall, disabling WPS and enabling the WPA2 security protocol. Use an especially strong password for Wi-Fi access.
• Make regular backups of the configuration and automation rule files of IoT automation servers. If possible, rely on a source-code versioning or version-control software to revert code quickly, as well as to track historic changes.

For comments, questions or concerns, please contact Amy Sorter