IoT: the PC is no Longer the Main Access Point for Hackers

The number of IoT devices is set to triple this decade. Devices such as printers, vending machines, wireless keyboards and even lifts are now access points to businesses for hackers.

The adoption of the Internet of Things (IoT) has exploded in recent years.

When this decade began, there were approximately 9.76 billion IoT devices deployed worldwide, according to Statista data. Just over a decade later, in 2030, it is estimated that there will be three times as many – 29.42 billion.

We live surrounded by smart and internet-connected devices: smartphones, speakers, robot hoovers, surveillance cameras, smartwatches… These kinds of devices allow us to do many things and simplify our lives, but their use also entails some risk, something we have already mentioned on occasion.

Although there is a need for greater awareness, many users understand the threat they pose and know the importance of the security of this type of equipment. However, we sometimes fail to realise that there are many other IoT devices that can be a gateway for hackers.

This risk is of particular concern in the corporate environment, as cybercriminals are constantly looking for weaknesses within corporate networks. Check Point Software highlights some of these neglected devices that can seriously compromise the security of any company.

For example, multifunction printers can be a silent spy. Keep in mind that they not only print, but also scan, copy and, in many cases, send emails or documents to the cloud. Many printers even have internal hard drives that store copies of all the documents they process.

Thus, if a cybercriminal gains remote access to them, they could retrieve documents with sensitive information or be an attack vector for altering settings. It could even be used as an entry point for more far-reaching attacks.

Security updates should therefore be kept up to date, as well as changing default passwords and limiting access to network functions to only necessary users.

Smart coffee and vending machines can also be a gateway. There are many machines that connect to the internet to enable functions such as card payment or remote inventory tracking.

Check Point Software warns that most IT security policies often do not consider these devices, which may have unpatched vulnerabilities or weak default settings that facilitate unauthorised access.

If the machines are connected to the same network as critical devices, they could be used as an access point for ransomware attacks, especially if they operate with known operating systems and internet connectivity. It is therefore imperative to segment them into a separate network from vulnerable systems and monitor any unusual activity.

Wireless keyboards and mice can also be exploited by cybercriminals. The cybersecurity company explains that some wireless keyboards or mice can be vulnerable to force-pairing attacks, where an attacker forces a connection to an unauthorised device to capture keyboard clicks and mouse movements or even inject commands.

Many of these peripherals do not use encryption to protect data transmission, making it easier for cyber attackers to intercept these communications. Check Point Software therefore recommends choosing models with strong encryption and avoiding their use in environments where information security is critical.

In addition, the company points out that there are many other connected devices in the business environment, such as smart TVs, lifts, sensors, video surveillance elements, etc.

Check Point Software stresses that all of these must be properly managed to minimise the attack surface. It specifies that these devices must be kept under control through an up-to-date inventory, as well as establishing and enforcing connection policies, and monitoring and patching their vulnerabilities so that they form part of the company’s comprehensive security policy.