By Dr. Chris Spencer, Nomadix
How many homeowners do you know who are Wi-Fi network specialists? Unless they work in technology, I’m willing to bet that your average apartment or condo complex contains very few experts. So when it comes to cybersecurity, very few residents will think about the digital safety implications of their Wi-Fi enabled doorbell, security cameras, tracking sensors and all the other smart devices they’ve bought, plugged in or which came with their unit.
Now, how many cybercriminals do you know in your neighborhood or community? My bet is none. They don’t tend to post an ad on the building notice board to introduce themselves and advertise their nefarious intentions. And that’s the problem.
With the future of housing centered around more multi-tenant developments, internet of things (IoT) devices – and the criminals who would leverage them in their schemes – are part of a wider cybersecurity issue that’s a real and present danger for renters and apartment dwellers. Now, the onus is on landlords and building owners to put technology and policies in place that detect, understand and manage the devices and threats that may affect an in-building Wi-Fi network and its residents.
According to Strategy Analytics, as of 2021, there are over 250 million connected smart home devices. These devices are inside home Wi-Fi networks, registered to our addresses with our personal details held somewhere in the cloud. Unfortunately, in the past, some electronic toy and game manufacturers have reported data breaches, which could include registered details about children.
IoT has seen an explosion of traditional companies morph into information technology companies, yet without the hard-won cybersecurity learnings and standards that traditional infotech companies have. In the rush to get smart toys, doorbells, cameras and more to market, a robust security program hasn’t been a priority.
In terms of what’s at risk, let’s think about how these devices work. There’s a good chance that there is a registration process, whereby personal details about the purchase and the purchaser are stored. We bring the device home, and as with all good Wi-Fi networks, it’s connected and remains always-on in the background, communicating any activity, messages, commands, etc. with a server run by the IoT company (again, ’somewhere’ in the cloud). The same goes for the supporting apps on our mobile phones.
A reputable tech company with security at its heart would typically store these encrypted transactions and would then delete them once delivery happened. An immature, insecure or criminal company wouldn’t, potentially risking the leak of all our personal details – name, home address, the subscription service we were paying for, credit card details, security question answers, voice messages and time stamps.
IoT devices are commonly the least secure devices on the network. Recent findings from Forescout and JSOF discovered nine different bugs in over 100 million consumer and business IoT devices. Whereas Wi-Fi IoT devices can be secured fairly easily, low energy devices using Zigbee, Z-Wave or BLE technologies can be harder to secure, and they eventually do connect (through a bridge or some other type of connection) to the Wi-Fi network. These vulnerabilities need a lot of attention, and your typical multi-dwelling unit (MDU) will commonly have a mix of Wi-Fi and IoT devices in place.
Likewise, as the name ‘network’ suggests, apartments or units within a multi-tenant building are connected by a common infrastructure, meaning that insecure MDU networks are the gift that keeps on giving to criminals from within.
Home Wi-Fi networks are not alone. Even enterprises are struggling with the weight of managing an ever-increasing array of IoT devices attaching to corporate networks. But enterprises have more options. They have skilled IT teams and can use hardened AAA platforms to securely authenticate devices onto their Wi-Fi networks. They can also create special IoT Wi-Fi networks, firewalls and security policies.
Landlords offering ISP services to paying tenants have a responsibility to deliver the most secure network possible, and MDUs can help prevent cybersecurity threats by taking similar steps:
Apartment complexes are a target-rich environment, with a number of dynamic threats and a rapidly expanding number of IoT devices. Managed Wi-Fi is a fantastic benefit to both tenants and landlords acting as ISPs, but only if it is designed and delivered with security as its core.