Dark urban alley at night showing the lurking risks of shadow IoT
Shadow IoT: The Formidable Threat Lurking in the Shadows

Shadow IoT: The Formidable Threat Lurking in the Shadows

Many employees connect their smart devices onto the organization’s network without the approval of the IT department. Due to the proliferation of the Internet of Things (IoT), most of these devices are IoT-enabled and regularly communicate with each other and external services creating a Shadow IoT network. Such networks pose security risks to a secure enterprise network.

Prevalence of Shadow IoT networks

The IT security company Infoblox conducted a survey involving over 1,000 IT leaders in the United States, United Kingdom, Germany, and the UAE to understand the prevalence of shadow IoT networks within organizations. Results from the survey indicated that 78% of respondents had over 1,000 shadow IoT devices connected in their enterprise networks on a typical day, while 28% had between 1000 and 2000 devices in the network. Close to half (48%) of the organizations had between 2000 and 10000 devices connected to the corporate network. Although some of these devices include those sanctioned by the IT departments, the number also included rogue devices connected by employees without the approval of the IT departments. According to the Infoblox report, 80% of the IT heads indicated that they had identified shadow IoT networks on their corporate network while 46% had identified more than 20. Twenty-nine percent of IT leaders said they had identified over 20 shadow IoT networks and as much as 50. These statistics show that the prevalence of shadow IoT networks is a common problem in many organizations.

Common devices used in Shadow IoT

With the explosion of IoT-enabled devices, shadow IoT networks involve a variety of devices. Fitness trackers such as Fitbit and Gear Fit and digital assistants such as Amazon Alexa and Google Home are the most common contributing to 49% and 47% respectively. Smart TVs closely follow at 46% while smart kitchen appliances such as smart microwaves contribute to 33%. Gaming consoles such as Xboxes and PlayStations make up 30% of shadow IoT devices. Other commonly found devices include smart speakers, wireless thumb drives, heating, ventilation, Wi-Fi thermostats, Industrial IoT, and air conditioning (HVAC) systems. Some companies also install these devices without considering the security risk they pose on the network. In other cases, the IT department simply ignores the existence of such devices as well as frustrate employees’ efforts to have their devices properly configured on the network.

Reported cases of IoT networks hacking

The Mirai botnet attack exploited unsecured IP cameras and home routers in 2016 creating a distributed denial of service (DDoS) attacks that shut down the internet on the US East Coast. Similarly, cybercriminals hacked thermostats in a government building and manufacturing plant and raised the temperatures in both facilities. Similarly, Wikileaks released a document detailing a CIA Samsung smart TVs hacking tool called the “Weeping Angel.”

Risks posed by Shadow IoT networks

Most IoT devices lack enterprise security features that other common IT devices such as computers and smartphones have. In addition, the devices are configured using default IDs and common passwords easily found through an online search. The devices are therefore an easy target for hacking by cybercriminals to infiltrate a corporate network and compromise the company. Similarly, most IoT devices and networks are discoverable using internet-connected device search engines such as Shodan. Such tools expose the device’s hardware profiles and services running such as HTTP, SSH, FTP, and SNMP. Once discovered, cybercriminals can investigate vulnerabilities, thus putting the whole enterprise network, data center, or organization at risk. The addition of new IoT devices into the network also introduces new operating systems, new wireless frequencies, as well as new protocols into the company’s network. Because of the number of manufacturers and the supply chain for such devices, they lack standard security models and cannot be secured using standard information security measures like other devices.

Mitigating the threats of Shadow IoT

Protecting from shadow IoT risks is very similar to commonly used security best practices for other types of security threats.

Educating employees on the security threats posed by connecting unauthorized devices is important. In addition, informing them of the organization’s IoT policies allows them to participate in keeping the network safe.

Isolating IoT devices is also an effective way of securing the organization’s core network. Setting up a separate network to allow employees to connect their IoT devices will keep off risky devices out of the secure enterprise network.

Assimilating employees’ devices and hastening the approval process will also prevent employees from circumventing the IT department while connecting the devices.

Lastly, regular monitoring of the enterprise network allows IT heads to discover vulnerable devices connected to the network. Once discovered, the IT heads can take necessary security measures to secure the network.