As Smart Devices Make Their Way into the Workplace, Are They Putting Your Company’s Networks at Risk?

Tomorrow’s office environments will be defined first and foremost by IoT devices, but enterprises won’t be able to make good use of them without powerful networks that can support the dozens or hundreds of demanding new connections.

According to the McKinsey Global Institute, by 2025, enterprises will collectively enjoy between $70 and $150 billion of annual economic benefit from Internet of Things (IoT) devices. A wide variety of innovative IoT devices are already starting to make their way into office environments across the country. “Smart plugs,” for instance, are becoming increasingly popular, as they offer enterprises a way to cut down on one of their biggest expenses: energy.

Nearly 29% of the average U.S. office buildings’ operating expenses go to utilities — predominantly electricity and natural gas (for heating) — and many of these costs get passed along to tenants. A single desktop computer that is consistently left idle over nights and weekends can add over $100 to a company’s annual energy bill, and on an enterprise scale, this kind of waste can add up remarkably quickly. Smart plugs enable enterprise stakeholders to use a phone app to schedule on/off windows, turn off lights that are accidentally left on outside of business hours, and more.

Air quality monitors that track temperature, humidity, carbon dioxide, and volatile organic compounds (VOCs) — often found in paint fumes and cleaning products — and remote-controlled, cloud-connected security cameras are also becoming fixtures of the modern office.

The Risks Associated with IoT

The benefits of an IoT-driven office don’t come without risks, however. In 2016, two white-hat hackers demonstrated a proof-of-concept for a ransomware attack against an IoT thermostat. “It heats to 99 degrees and asks for a PIN to unlock which changes every 30 seconds,” explains one of the hackers. “We put an IRC botnet on it, and the executable dials into the channel and uses the MAC address as the identifier, and you need to pay one Bitcoin to unlock.”

An attack like this could easily be used to cause massive corporate disruptions, whether by running up an enterprise’s heating bill when nobody’s there to notice or holding a workforce hostage with unbearable working conditions until a ransom is paid.

Users of “smart locks” ran into major problems in 2017, as well. After smart lock vendor LockState sent out a faulty over-the-air firmware update, eleven of their keyless lock systems suddenly “bricked” their users, preventing thousands of people from dialing into their homes and offices. Similarly, a glitch in two AMAG Technology Symmetry Edge Network Door Controllers exposed a variety of companies to serious physical security breaches.

“An attacker with network access to vulnerable door controllers could remotely trigger door lock and unlock commands,” explains a report from Dell Secureworks. “In addition, an attacker could inject arbitrary ID badge information into the controller’s internal database, allowing unauthorized entry using an illegitimate ID badge.”

Other problems caused by IoT devices are less terrifying, but no less of an inconvenience. For instance, just last month, users who connected Google Home Maxes to networks powered by TP-Link Archer C7 routers experienced repeated mysterious connectivity outages. According to TP-Link, these connectivity issues can be traced back to Google Home’s “Cast” feature, which periodically transmits MDNS multicast discovery packets in order to establish and maintain a continuous network connection.

“These packets [are] normally sent in a 20-second interval. However, we have discovered that the devices will sometimes broadcast a large amount of these packets at a very high speed in a short amount of time,” says TP-Link in a support article. “This occurs when the device is awakened from its ‘sleep’ state, and could exceed more than 100,000 packets…This issue may eventually cause some routers’ primary features to be shut down — including wireless connectivity.”

The Importance of an IoT-Grade Network

Similar connectivity-hampering issues are almost certain to plague enterprise-grade IoT devices for years to come. We’re in the early stages of the IoT revolution, and there are a lot of kinks that still need to be worked out.

The best way to adapt to an IoT that is still developing is to create a high-performing corporate network with robust security. IoT devices offer enterprises a wealth of benefits, but they also place new — sometimes unprecedented — demand on a company’s entire IT infrastructure.

Fortunately, by partnering with a networking expert like Turn-Key Technologies (TTI), companies of all shapes and sizes can ensure that their networks are ready for the coming flood of intelligent devices. At TTI, we have over two decades of experience in the corporate networking world, and can create a customized networking solution to fit any company’s unique needs.

By Craig Badrick

02.15.2018

Sign up for the TTI Newsletter