Internet of Things (IoT) technology offers a growing number of businesses a wide range of benefits, including better communication, speedy operation, and automation for improved efficiency and productivity. However, with these benefits also comes a silent and stealthy threat: radio frequency (RF) attacks.
Wireless devices and the risk of RF attacks
There are up to 22 billion mobile, wireless, and IoT devices in the world, and about 15 billion of these devices operate within the RF spectrum. Without effective RF cybersecurity protocols, these devices can represent a serious blind spot that allows cybercriminals to roam freely in corporate airspaces, where they can steal intellectual property and sensitive company data.
The issue is compounded by the fact that most current cybersecurity protocols cannot detect devices that operate within the RF spectrum. As such, it is vital for businesses to take this threat seriously and understand how they can stop these attacks.
The hidden danger of RF
Over the years, cybersecurity professionals have gotten pretty good at protecting Ethernet systems, i.e. with hard-wired components connected through cables. Attacks and data breaches still happen, but provided that effective cybersecurity protocols are in place, cybersecurity teams can at least detect when a breach has occurred and take appropriate countermeasures to limit the damage.
However, standard cybersecurity protocols have been turned on their head by the rise of Bluetooth, BLE, and IoT devices that communicate through radio waves on the RF spectrum, connections that are usually unencrypted and operate on unsecured radio channels.
What’s important to understand is that the vulnerabilities in RF devices reside not so much in their operating systems or applications, but in how signals are sent from one RF device to another. Because these devices use the same unencrypted data key each time they transmit information, they can be easily attacked by malicious third parties. This can lead to data tampering, eavesdropping, or even piggybacking, all of which could compromise sensitive company secrets. The security team may not even learn of the breach until obvious red flags occur, such as locked user accounts, sudden file changes, or an abnormally slow network performance, at which point the damage is already done.
The security challenge is even more intractable because of the widespread nature of RF devices today. They exist everywhere as smartphones, medical wearables, laptops, keyboards, and any other type of wireless tech you can think of, a good deal of which are built by manufacturers more concerned with cost-cutting than proven security measures.
Worse yet, company devices or personal gadgets can be easily compromised outside the facility, such as cafés or restaurants that employees frequent. The unsuspecting employee will then carry the infected device back to the facility where it will serve as a launching pad for a wider infiltration.
Creating greater RF security
Businesses can better safeguard their intellectual property and sensitive data with a robust security system that closes as many blind spots as possible. Companies should take the following steps toward securing their RF air space:
1. Establish control of your radio airspace
Conduct an assessment of all devices operating in your radio airspace that use Wi-Fi, Bluetooth, BLE, and cellular signals. Determine whether these signals are encrypted and, if not, bring their firmware up to date. It may also be necessary to implement strict policies that forbid employees from taking company devices outside the facility while also disallowing personal devices that aren’t fully secured.
2. Evaluate RF security technologies
Placing safeguards against the use of unsecured RF devices in your facility will go a long way toward improving your security. But what’s even more important is evaluating and deploying effective RF security technologies that can detect, analyze, and alert your security team to the presence of an unsecured RF device.
Whatever your choice of vendor, the key thing is to ensure that unsecured devices can be detected in real-time, 24/7. It’s no good if the system can only detect devices during one-off security scans; it needs to work at all times and provide immediate alerts when a foreign device is detected.
3. Integrate RF security into your infrastructure
Deploying any new piece of technology requires an assessment of how it will fit within your larger technological landscape. The new system must work in conjunction with the rest of your cybersecurity systems, with no room for hiccups, security gaps, or incompatibility issues. Depending on the new system, this can require a detailed plan for a testing phase, a limited launch phase, and a facility-wide launch once all the kinks have been worked out.
Even once fully launched, the new system will need to undergo regular monitoring and reviews to see if it’s working as it should and whether there is any room for improvement. Companies should also prioritize future-proofing to ensure the system can continue working for many years with only occasional updates to meet new threats and attack vectors.
Most businesses and their cybersecurity teams have a high appreciation for how dangerous security breaches can be, especially when it comes to their intellectual property and other closely guarded company secrets. That said, companies need to develop a greater appreciation for the potential threats of RF attacks that target unsecured wireless devices. As we move towards greater use and integration of IoT devices in our daily business operations, it becomes more important that companies recognize this unseen threat.