‘All Your Networks are Belong to Us’


Last year, I read the book “Future Crimes: Everything Is Connected, Everything Is Vulnerable and What We Can Do About It,” by Marc Goodman. The book is exactly as the title suggests: a deep dive into how frail our network security systems are and how pointless our notion of perceived security is. The book made me feel like my 20-year career in IT was worthless. By the end of the book, I realized that promising bulletproof security to our customers was pretty pointless, and the best we can do is to focus on deterring bad guys (much the same way the physical security industry approaches each project).

I decided to take one of Goodman’s examples from the book and test it out. I’ve become jaded from all of the fear mongering prevalent in the media and wanted to play with fire. Goodman told of a camera taken over in a child’s nursery and a new mother being caught off guard by a hacker cursing at her through the camera’s integrated speaker. I had one of the same cameras lying around and decided to set it up in my media closet to see if Goodman’s sizzle had any steak to it. How likely were we to get hacked? Like most of you, I like to learn my lessons the hard way. I soon found out.


A Foscam Wi-Fi camera similar to the author's

Fast-forward a year. Zoom in on the Clifford family, eating dinner when we started hearing voices coming from the media closet under the stairs. I initially thought my son was playing pranks on us (the apple doesn't fall far from the tree) but he swore it wasn't him. We all approached the closet cautiously and I threw open the door. There, on top of my NAS, sat the Foscam Wi-Fi camera I’d placed there to see if it would ever get hacked. The hacker had seized control over the PTZ camera and two-way audio capabilities. I stared into the camera. After a few lame jokes, he simply said, “Change your password.” I promptly unplugged the camera and tried to settle down my wife and mother-in-law. I realized my curiosity had unnerved them. Whoops.

Like it or not, when a client hires you to install their home technology, implied is the assumption of liability for anything that happens to their network. Whether or not you understand this implication at the time of sale is your call. I don’t know about you, but being proactive vs. reactive always has served me well.

Since you’re going to be on the hook for supporting the network (whether you like it or not), why not make some money while you’re at it? Network security wasn’t a bigger issue before 2016 because we didn’t have that much to protect. As the promise of smart appliances and other home technology crashes in through the IoT, cyber-crime abetting physical breaking and entering is going to become more of a reality.

We haven’t heard many stories about smart locks, lighting control, or video surveillance systems in the home getting hacked, but it’s only a matter of time. Remember all the stories about Teslas and other vehicles getting hacked last year? That’s coming right at us in the home. When the first big story hits about security flaws in any IoT gear, it’s going to drive paranoia and fear, while at the same time raising awareness. The heightened awareness will lead to better security measures, and the CEDIA channel can position itself proactively through education, leading with conversations about using gear with strong security, and practicing common sense when it comes to network security.

Some great resources exist out there for making sure your networks are secure (deterring to the maximum; remember, just like physical security, if someone wants it badly enough, they’re coming in. Deter, deter, and deter). ShieldsUp (https://www.grc.com/shieldsup) has been around for a long time and is a great way to see how you appear to a hacker from the outside. BullGuard (http://iotscanner.bullguard.com/) is a recent addition to the scanner market and does a great job of determining whether your IoT devices are visible to Shodan (an IoT search engine). Try out both on your own networks at home or your office and you might be surprised at what you find. We need to protect our own houses before we have any business securing others. Your customers will appreciate the education (watch the nerd speak and focus on benefits) and do more business with you as a result.

Stay frosty and see you in the field.
