Shiny new things

Art Lee

Art Lee

The holiday season is here, and along with it, gift giving and receiving. Many people’s lists include tech gadgets and devices. But be careful. Just because a new technology appears sleek and fun, doesn’t mean there are no security risks. Please leave these devices at home and off the lab’s network. Some examples include:

Android phones containing back doors. Some lower-end Android phones (3 million of them, in fact) contain hidden “back doors” that can be covertly accessed. Back doors can be used legitimately by administrators to troubleshoot or perform other activities on an app. But if an attacker can access your phone, all your personal information is at risk. Your phone could also be used as a launch point for further attacks.

Internet of Things (IoT) devices, specifically network cameras

Just because a device can be incorporated into a network, doesn’t mean it should be. Most of these are intended to be used at home on closed networks, not on an open network like Fermilab’s. Many weaknesses in these devices have been exploited, resulting in becoming unwilling members of a “botnet,” a group of devices controlled by attackers to take down resources on the Internet, including web servers.

Even some networkable toys are susceptible to attack. Last year, the Hello Barbie doll was vulnerable to interception attacks, specifically of children’s communication. Fortunately, this was fixed promptly.

All this said, go forth and enjoy your shiny new things. But always consider the idea of what needs to be on the network and what doesn’t, particularly at an open lab such as Fermilab.

Learn more about computer security at Fermilab Computer Security Awareness Day and Tech Expo on Wednesday, Dec. 7, at Wilson Hall. For a schedule of events and a list of exhibitors, visit the Computer Security Day website.

Art Lee is the deputy head of the Computer Security Operations Department in the Office of the CIO.