Ken Munro, a security researcher at Pen Test Partners, an ethical hacking service, recently used customer I spent an entire day rummaging through the system ceilings of office buildings.
The device in question was a wireless screen sharing device. The device is intended for displaying presentations wirelessly transmitted from a laptop on a large display or projector.
In most cases, these types of devices should be isolated from their surroundings and only allowed to connect to PCs and large displays or projectors. "Without thinking or asking anyone," he said, he got on the corporate network. As a result, potential attackers were able to enter the corporate network directly through the affected device from a public Wi-Fi network.
This is just one example of how new smart devices in the office can unintentionally weaken security.
Munro said, "We have seen various coffee machines with wireless connectivity brought into the workplace and connected to the office's Wi-Fi network, creating security vulnerabilities. I've dealt with a lot of times where a smart coffee machine becomes a vulnerability on the network, and a hacker breaks into that machine and uses it as a springboard to get into the corporate network."
There have also been instances where vending machines have been connected to a company's wired network and become a backdoor," he added.
Legacy Systems
The challenges surrounding smart office security fall into two categories. The first is a system introduced to manage office infrastructure. These building management systems already control doors, heating and air conditioning systems in many offices, and have been in use for years.
However, these systems are often installed with little or no security considerations, and are often installed with little or no protection against cyber threats. There are many instances of people accidentally connecting to the public Internet. The controllers of these systems may seem like trivial or insignificant targets for hackers, but if they locked every door in a building or shut down a data center's climate control system, no problem. It gets serious in the meantime.