Wi-Fi standard could make Internet of Things things even easier ... for hackers
HaLow somewhat less than saintly
CES A new standard for Wi-Fi for IoT devices may create yet more ways to attack vulnerable kit, according to a security consultancy with a storied history of hacking into internet-connected gizmos.
Many legacy IoT products – thermostats, remote switches, burglar alarms, weather stations etc. – already communicate in the sub-1GHz ISM band. This lower frequency has range and power advantages, but this legacy technology is handicapped by a lack of IP integration.
Introducing a modified variant of the long-established wireless networking protocol allows a bridge to be built between an IoT network and the home LAN.
Enter 802.11ah or HaLow, a wireless technology for the Internet of Things, which was announced on Monday at the CES show in Las Vegas.
802.11ah offers the ability to build wireless functionality into home routers themselves, rather than using dedicated gateways, the typical approach at present. However, this change may make it easier for an attacker to bridge between your IoT network and an associated home network, UK security consultancy Pen Test Partners warns.
“802.11ah will significantly improve the distance from which Wi-Fi IoT devices can be attacked,” explained Ken Munro, a director at Pen Test Partners, in a blog post. “It may not be necessary to take such bulky RF antennas out on IoT 'war drives' any more. It's also likely to increase the chance that these attacks can allow access onto the rest of the network.”
Another problem that may come from the IoT protocols is lower power usage. Low power usage implies less processing power, which can lead to corners being cut on security, Munro cautions.
Improvements to Wi-Fi security for the increasing range of internet-connected things could come in the form of better client authentication and client segregation, the sort of improvements that would foil attacks on internet-connected kettles and smart fridges previously discovered by Pen Test Partners. But there’s nothing in the 802.11ah draft standard to suggest improvements in either of these areas.
“We don't see that 802.11ah offers security improvements over existing popular 802.11 standards. If anything, it may make the job of attacking Wi-Fi IoT devices easier,” Munro concludes. ®