Experts are warning that, in addition to desktops, other devices with embedded computers such as printers, office phones, and even the building control system of offices could leave businesses open to cyberattacks.
Embedded computers can be found in places such as smart home appliances, medical gear, cars, and even facilities such as power plants. And they run software that can be exploited just like any computer, warmed Ang Cui, founder and CEO of cybersecurity company Red Balloon.
“This is probably the most important cybersecurity threat that we have today because these computers control every single aspect of our critical infrastructure that we depend on every single day,” Cui told CNBC in an interview.
Although it sounds fantastic to be somehow hacked through your office’s printer, several companies have already been compromised by the embedded computer systems they use. The major data breach Target experienced in 2013 was due to a malware that was installed on its point-of-sale system.
“[The breach] certainly cost Target a great deal of money and a great deal of headache,” Cui noted. “They’re by no means the only company that had to recover from some event like this.”
Cui believes the problem is only going to become worse, as more embedded devices get produced.
“By most people’s estimates, we’re going to have about 20 to 25 billion embedded devices in about 15 years,” the expert said. “That is obviously more than one embedded device per person on this planet.”
CNBC reported that, earlier this year, Cui’s Red Balloon discovered a critical vulnerability in millions of Cisco devices. The cybersecurity firm announced its findings to the public in May after informing Cisco of the hardware design flaw, which could be remotely exploited to bypass the secure boot process.
The expert also warned that something as simple as an office phone can be a major cyber vulnerability.
“If you see a telephone sitting on your desk, chances are there is a fairly powerful processor in there running a full operating system. And that phone is basically a general-purpose computer shoved into a plastic case that makes it look like a phone,” she warned.
Cui has recommended businesses worried about embedded device security contact device manufacturers.
“Go complain to the people that make these things that are insecure. And if enough of us do it and raise this concern over and over again, we will influence the makers of these things to make a more secure product,” she said.