When a major electronics firm started seeing strange documents being printed out remotely on more than 100 of its smart printers late last year, it frantically contacted the manufacturer to investigate.
The firm nervously wondered how — and why — an unauthorized third party was sending documents to its printers remotely. And worse, it feared its entire corporate network had been breached. The manufacturer immediately called in the big guns, Charles Henderson, global head of X-Force Red, a professional hacking team at IBM Security, for answers.
“Unless you believe in ghosts, you get kind of concerned when your printer just starts printing stuff out that you can’t account for,” said Henderson, who declined to name the firm for privacy reasons.
His team quickly identified the problem as a flaw in the printer’s remote access function, and a patch fixed the vulnerability.
Finding and testing for flaws and breaches in smart devices is Henderson’s specialty. “I run a team of hackers,” is how Henderson describes his role, then clarifying they are paid professional hackers who look for bugs, glitches, and malfunctions.
And with demand for smart devices, ranging from smart lights to outdoor sprinklers, surging in mainstream America, his job has gotten a lot busier.
“We’ve received roughly five times the number of requests for security testing of IoT [internet of things] devices in the last year,” Henderson said. “Growth has been immense over the last year to 18 months.”
Indeed, the soaring popularity of smart speakers, like Amazon Echo and Google Home, is starting to move the “Smart Home” into mainstream America. It’s no longer just tech geeks and phone-obsessed millennials who are scouring the tech universe for information on the next best gadget that lets them control lights, TVs, appliances, door locks, and even lawn sprinklers with a voice command or tap on a smartphone.
But all of this buzz and hype are putting pressure on smart device makers to rush their gadgets into the market while demand is hot — and sometimes, this means security features take a back seat, Henderson said. And cyber criminals are watching.
“Criminals rob banks because that’s where the money is,” said Charles Golvin, senior research director at Gartner, a research and advisory firm. “They’ll commit cyber crimes because that’s where the opportunity is.”
Some get crafty, making mock interfaces on a person’s phone that look like an IoT’s interface login to steal passwords — similar to the way thieves send fake emails to people pretending to be from credit card companies and banks.
Experts caution consumers to research carefully and move diligently when adding smart devices to their home network. “If one device gets compromised, it could be the same as allowing an attacker to plug into the entire network,” giving the criminalcontrol over all devices, Henderson warned.
Concerns about privacy and the complexity of smart home devices are two reasons fully outfitted smart homes are not likely to happen overnight, experts say.
Wanting — and actually installing — smart devices are very different scenarios with the latter requiring patience and diligent research in navigating through a costly, cumbersome and often time-consuming process.