Internet of Evil Things Lurks in Corporate Networks

There are more than 16 billion connected computing devices now deployed, according to ABI Research, which have significantly expanded the productivity options in our interconnected world. But that proliferation has also vastly expanded the attack surface and the headaches for IT administrators. In fact, 83% of respondents in a recent survey from Pwnie Labs said that they’re concerned that rogue or unauthorized devices could be operating, undetected, in their network environments already.

The problem of unauthorized, bring your own device (BYOD) endpoints simply escalates when it comes to Internet of Things (IoT) devices—especially given the rapidly expanding market of low-cost, plug-and-play, cyber-espionage devices.

Pwnie Labs, the research and development division at Pwnie Express, noted that this latter group of devices represent an emerging threat vector and nefarious counterpart to IoT, which it has dubbed the Internet of Evil Things (IoET).

The IoET has opportunity to infiltrate corporate environments fairly easily: In the survey, 69% of security professionals concerningly said that they do not have full visibility of all the wireless devices within their network environment. Rogue access points, Mi-Fi and mobile hotspots were identified as the most concerning, high-risk devices today.

In an effort to define an industry framework for a comprehensive, industry-wide IoET defense, the firm assessed and analyzed a sample of more than 250,000 wireless devices detected by Pwn Pulse, Pwnie’s rogue device detection system, across a variety of customer environments and industry verticals. The analysis resulted in an industry-wide categorization of the most prevalent hardware device threats affecting today’s global IT infrastructure into three key areas:

Unauthorized & Unchecked: This area includes rogue hardware, such as shadow IT and high-risk BYOx devices. The most prevalent devices diagnosed by Pwnie Labs in this category include HP printers deployed in a highly vulnerable default configuration state—default passwords, unencrypted Wi-Fi, wide-open default configuration—in 83% of customer environments. These default-state printers can be undermined to expose confidential print jobs, compromise corporate client devices and leveraged as a backdoor into private corporate networks. Also, the firm discovered a complete lack of encryption, also known as “open” networks—and this was the most common risk affecting vulnerable wireless access points detected in 69% of networks.

In the analysis, the firm found that Xfinity Wi-Fi has dominated the Wi-Fi landscape as the most common open or unencrypted network, in 58% of environments.

Pwnie has dubbed the second category “the Internet of Insecure Things.” This represents the proliferation of vulnerable IoT devices, such as hackable thermostats, critically flawed cars and vulnerable medical devices.

The third category involves weaponizing IoT: This represents the commoditization of malicious hardware, from Evil Twins and APs to HAK5 Wi-Fi Pineapple and Keygrabber Wi-Fi devices.

“This report underscores the need for increased visibility and actionable intelligence on all devices across the enterprise to enhance an organization’s ability to quickly identify and thwart an attack,” said Paul Paget, CEO at Pwnie Express. “It’s our hope that by offering a classification structure for high-risk devices, infosec professionals are empowered to mobilize and begin assessing their security systems’ readiness to defend business-critical infrastructure against the IoET threat.”

What’s Hot on Infosecurity Magazine?