cancel
Showing results for 
Search instead for 
Did you mean: 

What Do You Mean it Doesn’t Have an IP Address?

Level 10

We are becoming an IP-connected world. Home energy, city lights, cars, television, coffee machines, IP-enabled mobile devices, home security cameras, watches, manufacturing process automation, Star Trek-like hospital monitoring beds, you name it. If it’s been built in the last five years and has any kind of management or monitoring need, the device probably connects to an IP network.

Most of these systems should be non-routable, internally controlled networks to reduce the risk of tampering or accidental or intentional data loss. But we know that even if these networks are designed to be closed, some business need, convenience, or a clever hacker could open them up to external access. Consider the Target breach via an HVAC vendor[1], or the remote hack of a Jeep Cherokee[2] via an open port on the Sprint cellular IP network. (Sprint points out that it was merely providing the connectivity and transport for the attack, and that its network did not contain the end device vulnerability[3]). 

First, maintaining a strict policy of no remote connections creates a sense of assurance.  Second, such networks can drift from their original configuration, or become out of date with respect to patches and updates. Third, closed networks are more costly to maintain. The cost of an onsite visit to resolve a configuration issue or a patch gone wrong is certainly more expensive than remote remediation. Imagine the havoc that would ensue if the new LED road lighting system being deployed by the city of Los Angeles[4] were hacked?  Still, the benefits of a connected LED lighting system, including reduced energy, better management, and real-time communication, are likely a higher priority than the risk of hackers taking over nighttime lighting. 

It’s worth reviewing the Jeep situation because it illustrates the challenges of adding systems to IP networks. First, as we add remote access to previously disconnected complex systems, the design of command and control vs. the data path needs to be carefully considered. Jeep designers believed their systems were disconnected, but researchers were able to find a connection. Once the connection was found, further engineering enabled the researchers to use the entertainment system with its necessary network connectivity to piggyback commands into the control system, radio, windshield wipers, steering, and brakes. Computers have made cars safer by giving them the ability to sense obstacles, feather the brakes, and warn the human driver when maintenance is needed. But those same computers become dangerous if accessed by unauthorized users.

As devices become increasingly interconnected, system functions and controls may be accidentally accessed. We can mitigate this risk by understanding our network baseline protocols and carefully monitoring new types of devices that appear on the network.

In the words of Arthur Conan Doyle, “Never trust to general impressions, my boy, but concentrate yourself upon details.”


 


[1] http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/

[2] http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

[3] http://www.fiercewireless.com/story/sprint-says-its-network-not-fault-hacking-demonstration-chrysler...

[4] http://www.wired.com/2015/09/design-issue-future-of-cities/

8 Comments
Jfrazier
Level 18

this is so true...just think of the trend in home automation.

Door locks, heating and AC control, and more.  A proper hack can open the front door (pun intended) to who knows what....you come home to a locked house...only the physical key works, environmentals have been set to Texas heatwave in the middle of winter, lights are cycling throughout the house in 70's disco fashion, and who knows what is missing...yet.

rschroeder
Level 21

Providing access to devices not traditionally online, just because it's cool or supported or "needed", should be covered by corporate policy.  I suspect many of the users of those solutions, and the third party vendors that install them, may not have credentials or security policies that are equal to my companies. 

Thus is a weak link forged.

jasco
Level 7

no network

network_defender
Level 14

Does the desire for convenience out weigh the need for security?  It all comes back to the CIA triad.

Confidentiality, Integrity, and Availability.

Is the desire for Availability greater than the need for Confidentiality and Integrity?

How much freedom are you willing to give up for security?

These are difficult questions, but they are the starting point for this topic.

shawn_b
Level 12

I share the view of rschroeder‌, that traditionally offline devices that do not need to be placed online should be covered by a policy for corporate devices. These types of automation do offer a lot of energy and manpower cost savings to a corporate entity.

in the case of personal device such as your car and home automation, I think the manufacturers play the "cool" card that seems to attract the consumer.

yes cars that brake for themselves and park for themselves are safety features, but do we really practically need all the other automation that is built into these devices such as remote start? Why would we want to automate our home door locks? maybe an elderly person living alone that has fallen ill and needs to activate their emergency medical response, so the monitoring company can send paramedics to their home and can rush straight in, but do we who don't fit that type of case really need that?

security awareness and best fit for every situation should be considered before implementing any type of solution, automation included

rschroeder
Level 21

Especially when hackers learn how to take over a car's computer, brakes, steering--via Blue Tooth or other wireless technologies.

If you didn't read about that:  Hackers Remotely Kill a Jeep on the Highway—With Me in It | WIRED

When BlueTooth is enabled on pacemakers, what are people thinking?  Yah, it's convenient for managing the device.  But leaving it enabled when the patient leaves a hospital?

http://www.popsci.com/article/gadgets/how-dick-cheney-took-his-heart-offline-thwart-hackers

mrm1
Level 8

I agree that ip stacks in devices should be non-routable by default when installed.

If more devices adopt IPv6, then scope link local address provide just that.

It takes an act of configuration to add scope globals.

rschroeder
Level 21

I hadn't seen that triad before, and I like it.

It reminds me much of the Business Triangle:  Fast, Good, Cheap.  You can have any two at the cost of the third.