BOSTON, Mass. — April 15, 2015—The proliferation of more than 16 billion connected computing devices today has significantly expanded the attack surface of our interconnected world. Unauthorized, BYOD, vulnerable Internet of Things (IoT) devices, and a rapidly expanding market of low-cost, plug-and-play, cyber espionage devices represent an emerging threat vector and nefarious counterpart to the Internet of Things (IoT): the Internet of Evil ThingsTM (IoET). Pwnie Expresstoday introduced The Internet of Evil Things: The Rapidly Emerging Threat of High-Risk Hardware report. This report defines the key factors and IoET threats facing businesses today, outlines the top IoET-related concerns of security professionals and offers a proposed industry framework toward a comprehensive defense against the IoET.
“There’s not a CIO out there who has an effective umbrella strategy for the Internet of Things today,” said Shawn Wiora, CIO and CISO at Creative Solutions in HealthCare. “The attack surface is gargantuan – and continues to grow exponentially. Making matters worse, current approaches don’t offer the robust, enterprise-level security that’s needed.”
More than 600 security professionals were surveyed for the quantitative portion of this report on rouge device awareness and concerns. Top findings include:
· The vast majority (83 percent) of respondents are concerned rogue or unauthorized devices could be operating, undetected, in their network environments already;
· Compounding the problem, 69 percent of security professionals report they do not have full visibility of all the wireless devices within their network environment;
· Rogue Access Points, MiFi and mobile hotspots were identified as the most concerning, high-risk devices today.
In an effort to define an industry framework for a comprehensive, industry-wide IoET defense, Pwnie Labs, the research and development division at Pwnie Express, assessed and analyzed a sample of over 250,000 wireless devices detected by Pwn Pulse, Pwnie’s rogue device detection system, across a variety of customer environments and industry verticals. The analysis resulted in an industry-wide categorization of the most prevalent hardware device threats affecting today’s global IT infrastructure into three key areas:
· Category One: Unauthorized & Unchecked: Classifies rogue hardware, such as shadow IT and high-risk BYOx devices. The most prevalent devices diagnosed by Pwnie Labs in this category include:
o HP printers deployed in a highly vulnerable default configuration state – default passwords, unencrypted WiFi, wide-open default configuration – in 83 percent of customer environments. These default-state printers can be undermined to expose confidential print jobs,compromise corporate client devices and leveraged as a backdoor into private corporate networks;
o Complete lack of encryption, also know as “open” network, was the most common risk affecting vulnerable Wireless Access Points detected in 69 percent of networks;
o Xfinity wifi dominated the WiFi landscape as the most common open or unencrypted network in 58 percent of environments.
· Category Two: The Internet of Insecure Things: Represents the proliferation of vulnerable IoT devices, such as hackable thermostats, critically flawed cars and vulnerable medical devices.
· Category Three: Weaponizing the IoT: Represents the commoditization of malicious hardware, from Evil Twins and APs to HAK5 WiFi Pineapple and Keygrabber Wifi devices.
“This report underscores the need for increased visibility and actionable intelligence on all devices across the enterprise to enhance an organization’s ability to quickly identify and thwart an attack,” said Paul Paget, CEO, Pwnie Express. “It’s our hope that infosec professionals are empowered to mobilize and begin assessing their security systems’ readiness to defend business-critical infrastructure against the IoET threat.”
The IoET represents an emerging threat vector that will only grow as adoption of connected devices continues to surge across the globe. InfoSec professionals, industry experts, and security-conscious organizations are invited to learn more and contribute to the effort at www.internetofevilthings.com or via email [email protected]
To download a free copy of The Internet of Evil Things: The Rapidly Emerging Threat of High-Risk Hardware, please visit: www.internetofevilthings.com.
The quantitative portion of The Internet of Evil Things: The Rapidly Emerging Threat of High-Risk Hardware is based an online market research study conducted by Pwnie Express in December 2014. Survey respondents included 621 information security experts (including 43 chief information/security officers and 99 information security directors/managers, and 169 infosec specialists) at organizations across 5 continents. Most respondents were from US-based enterprises (87 percent).
About Pwnie Express
Pwnie Express, the world leader in remote security assessment, enables organizations to detect and deter attacks in wireless environments and remote locations by mitigating the growing attack surface created by the emerging threat vectorfrom the Internet of Everything (IoE), including high-risk BYOx, vulnerable IoT devices, and purpose-built malicious hardware. Pwnie Express provides continuous visibility throughout the wired/wireless/RF spectrum, across allphysical locations including remote sites and branch offices, detecting “known-bad”, unauthorized, vulnerable, and suspicious devices.
Thousands of organizations worldwide rely on Pwnie products for unprecedented insightinto their distributed network infrastructures. The award-winning products are backed by the expertise of Pwnie Express Labs, the company's security research arm. It is headquartered in Boston, Massachusetts. To learn more, visit www.PwnieExpress.com [email protected]