Mobile devices are ubiquitous – including in business, where mobility implementations are becoming increasingly commonplace. Add to that the enormous number of connected devices that companies are adding through IoT implementations, and the increased risk to business of cyberattacks using mobile and connected devices as entryways into corporate systems and data is readily apparent.
Indeed, the 2016 Mirai botnet attack leveraged connected devices to shut down significant portions of the internet – and IoTroop, a sort-of Mirai 2.0, if you will, has been found by researchers on approximately 60% of corporate networks. What researchers haven’t yet discovered is to what ends IoTroop will be used. It’s capable of executing arbitrary commands from the botnet controllers, and is still (apparently) passively waiting for orders to launch DDoS attacks, to access corporate data, or even to execute code with a purpose and intent that only the hackers are currently aware of.
How Network Device Attacks Happen
A common attack vector for any hacker looking to get malware onto connected devices is the device firmware. Put simply, firmware is the built-in code inside of the device that controls, at a low level, what the device does. When a user instructs a device to turn on its camera, for example, it’s the firmware that does the actual work of talking to the camera and turning it on. When a device wants to communicate with a network, it’s likewise the firmware that manages that connectivity and communication. Thus, in some very real ways, firmware can be thought of as the brain of a device, enabling and controlling all of its functionality and abstracting away from the user all of the details.
And that’s exactly why firmware is such an attractive target for hacking attempts. If a hacker can gain control of the firmware, it can be used to completely control the device: Cameras and microphones can be turned on, authentication credentials stolen, and any other device functionality accessed. Even worse, when the hackers are clever – and they generally are fiendishly clever – all of this happens without device users even being aware that the device firmware has been compromised.
In addition to the device control afforded by a successful firmware attack, there’s another reason why firmware is a favored target among hackers: It’s frequently left unpatched by the user, even when updates have been published by the device manufacturer. Because patches are often issued by the OEMs to address discovered security flaws, and the flaws themselves are frequently published by way of warning, an unpatched device becomes an extremely easy way for hackers to gain device control: They simply scan networks, probing for unpatched devices – and once they find one, it’s relatively simple to execute code that takes advantage of the security flaws and thus allows the takeover of the device.
Securing Against Firmware Attacks
Because so many successful firmware attacks involve unpatched devices, huge security gains can be realized through the common-sense step of making sure that all networked devices – be they mobile phones, tablets, IoT sensors, or what have you – are properly updated whenever a new patch is released.
The fly in that ointment, however, is that larger companies and organizations are typically trying to manage thousands or tens of thousands of devices connected to their networks and to their data. Monitoring for available updates for a wide variety of connected devices can be tedious for IT staff, as can patching all of those devices once the necessary updates are known. When compared to the other, more immediate daily concerns of IT – servers are down, the backups failed, the CFO wants to work from home but their VPN authentication doesn’t work, etc. – the tedious chore of device patching often gets pushed down the priority queue.
Enter the concept of mobility management. Taking some of the burden off of IT and other staff is one of the primary ways in which mobility management providers can shine. That’s because, amongst other functions, mobility management providers often have a primary responsibility of ensuring that all managed devices are always updated. The shift in responsibility off of IT and to the mobility management provider has two extremely important benefits: It reduces the workload of IT, making them better and more efficient at the things they should be doing, and it also becomes an important part of corporate security in helping to prevent attacks against their mobile device and IoT firmware.
About Wireless Watchdogs
The threat to companies through unpatched firmware is very real. As mobility management providers, it’s our job to be cognizant of potential threats and to help our clients defend against them. We manage mobile, IoT, and other connected devices for clients both large and small, and with years of experience we’re good at what we do. If you’d like to help your IT department run more efficiently and cost-effectively while focusing on the CFO’s VPN connection, while at the same time increasing security and protecting your valuable company network and data, let us know. We’ll be glad to talk over your situation and let you know how we might be able to help with firmware security through better mobility management.