Law firms, like most businesses today, have embraced the convenient but usually hidden technologies known as the “Internet of Things.” This extension of internet connectivity into everyday objects and physical devices offers everything from constant video monitoring, to automatic locks, to dynamic heating and cooling adjustments. IoT devices look, listen, transmit, and record trillions of data points, and a report by ForeScout Technologies suggests that the number of connected devices will reach more than 20 billion by next year.
But all this convenience comes at a price. IoT devices are particularly vulnerable to compromise because they are relatively invisible to routine patching (if they allow patches), often do not have any security safeguards, and do not always have access controls. An infected device can, for example, open the backdoor to denial of service attacks, enable hacker control of locks and surveillance equipment, open opportunities for snooping and recording of phone calls, and generally create a gateway through which to launch spam campaigns, steal data, and change credentials.
Let’s look at some vulnerable IoT devices commonly found in today’s law firm:
IP-Connected Security Systems and Infrastructure. Think of cameras, smart meters, and HVAC controls. Hacks of these devices can cause problems ranging from spying via video and audio, to destruction or disabling of critical equipment to disrupt operations or to allow for physical break-in.
Smart Video Conference Systems. This category includes smart TVs, as well as DVR devices, which are typically connected via Wi-Fi or Ethernet. Compromise scenarios include real-time monitoring of communication, as well as use of the system as a launch pad to the network.
Printers & Phones. Wireless printers can allow almost undetectable access to confidential information (real-time or stored jobs) or, if compromised generally could allow a hacker to obtain administrative passwords and create a network bridge. Because VoIP phones are internet connected, their configuration settings may be compromised to allow call snooping or even to create outbound calls.
Light Bulbs? Yes, light bulbs! According to the above ForeScout report, smart lightbulbs operate on Wi-Fi and mesh networks. “In a wireless mesh network, the network connection is spread out among dozens or even hundreds of wireless mesh nodes that “talk” to each other to share the network connection across a large area.” The more nodes, the more avenues for entry into a system without being on the network.