Report: List of Top 10 Internet of Radios Vulnerabilities

Posted by David Oro

The IoT has a big security problem. We've discussed it here, here and here. Adding to these woes is a new report on the Top 10 Internet of Radios Vulnerabilities. Yes, radios... because IoT is so much more than data, networking, software, analytics devices, platforms, etc. When you're not hardwired, radio is the only thing keeping you connected. The findings come from Bastille, which, like many vendors, has a clear commercial, self-serving interest in the findings. Nonetheless, the study is interesting given that the largest DDoS attack ever was executed using "dumb" connected devices. Bastille defines the Internet of Radios as the combination of mobile, wireless, bring your own device (BYOD), and Internet of Things (IoT) devices operating within the radio frequency (RF) spectrum.

The vulnerabilities are:  

  1. Rogue Cell Towers (‘Stingrays’, ‘IMSI Catchers’)

  2. Rogue Wi-Fi HotSpots

  3. Bluetooth Data Exfiltration (tethering)

  4. Eavesdropping/Surveillance Devices (e.g. conference room bugs)

  5. Vulnerable Wireless Peripherals (mice/keyboard)

  6. Unapproved Cellular Device Presence

  7. Unapproved Wireless Cameras

  8. Vulnerable Wireless Building Controls

  9. Unapproved IoT Emitters

  10. Vulnerable Building Alarm Systems

In addition to the Top 10 list, Bastille has released results of the “Bastille Internet of Radios Security Poll.” Nearly 300 global professionals took part in the poll, offering a snapshot of enterprise awareness of and preparedness for Internet of Radios threats in the workplace. The poll was conducted July 26–August 3, 2016, and its respondents were visitors to the Bastille, KeySniffer and MouseJack websites. The majority of respondents (69%) reported they were employed in the IT and cybersecurity industries. Key takeaways:

  • 78% of respondents believe the threat from the Internet of Radios will increase in the next 12 months.

  • 50% of respondents believe IoT devices are already impacting security.

  • 51% of respondents say their companies have adopted a BYOD policy, but only 24% say the policy is strictly enforced.

  • 42% of respondents say their organization has not implemented a BYOD policy at all.

  • 47% of respondents say their organization is not currently using a Mobile Device Management (MDM) system, compared to 41% that already have one in place.

 Photo Credit: Sergio Sena 
