The Glass-House Quarantine: The COVID-19 Operational and Communication Security Nightmare Scenario
The COVID-19 pandemic has changed our daily life in many ways over the course of the year.
One notable change has of course been the shift to tele-work, whenever possible, for industries across a wide spectrum, many of them not used to it or not equipped for it.
To be sure, many aspects of this shift toward virtual teams and tele-work have been positive: shorter commutes, lower costs, an emphasis on results rather than on presence, the ability for parents to be closer to and watch their children, and many more.
One dimension, however, that has escaped public discourse and scrutiny is the impact this monumental and sudden shift has had on security. Indeed, no matter what angle you look at it from, there is plenty to say about it, and an almost infinite collection of opportunities for any digital actor interested in you, your organization, or your data.
What has happened is that the pandemic has not only decentralized the workforce, it has also decentralized and multiplied the penetration points in countless networks, and instantly promoted millions of professionals to be their own security officers, whether or not they are trained for, interested in, or even aware of it. And in the panicked rush to ship everyone to their home office, not every organization has had the sophistication or the luxury to educate its workforce and equip it with the tools necessary to minimize the risks of unfriendly network penetrations and unwanted data exfiltration.
Of course, organizations used to trading in classified information would not have had too much trouble adapting, but they then experience the other side of that nefarious spectrum, which is the operational limitation from all the work that cannot be allowed to be done remotely and the data that cannot be transmitted to or from an unsecured site or network.
Then again, there is plenty to fish for outside of the world of classified information. Think about your average digital criminal, now seeing the buffet of data to steal and monetize exponentially augmented, or think about your average industrial spy, now on the verge of an indigestion of valuable intellectual property within easy reach. The list goes on, from insider trading and credit card fraud all the way to identity theft and extortion.
It is easy in this context to understand how, in strange times like ours, many people expeditiously sent home might not be situationally aware or technically proficient enough to protect themselves. But to this already dangerous situation, now add the dark side of the internet of things, filling our homes with innocent-looking appliances that can cheaply and easily be recruited as obedient agents with no moral qualms about sharing your most private data and information with whoever sends them the right command.
The internet of things (IoT) grew so much in popularity this last decade that you would be hard-pressed to find a home without a plethora of appliances connected to the internet.
And now that countless people are spending their workday at home, all these smart appliances making your daily life easier are also making it infinitely more dangerous.
Need a specific example of the dangers of your home?
Consider this critical vulnerability in television sets recently reported on a global security and technology web site: Comcast smart voice remote controls (currently 18 million active units across the U.S.) could be hacked without any interaction with users or direct access to the equipment. With a simple, and cheap, RF transceiver and an antenna, anyone as far as 65 feet away (think about that car parked on the corner of your street) could hijack your television signal and transform it into a listening device, whether your television is in use or not, and get a front-row seat to all your home-based calls and confidential conversations.
This is only one recent example out of many, all making you an easy target, predictably home, with few resources to even understand where the threat comes from. For all you know, your toaster is spying on you right now…