a Closer Look at Vulnerabilities
Sep 8th, 2016 by aperio

In their report on the top connected device threats in 2016, Pwnie Express surveyed over 400 respondents in the areas of information technology and security. Their results are a warning to all businesses:

  • 86% of information security professionals are concerned with connected device threats, with most being more worried about these threats than they were a year ago.
  • 40% report that their organization is “Unprepared” or “Not Prepared At All” to find connected device threats.
  • 37% cannot even tell how many devices are connected to their networks.

(The Internet of Evil Things)

 

What is the Internet of Things?

In our recent post on Ransomware and the Internet of Things, we briefly discussed what the “Internet of Things” (IoT) is, and how we expect it to become increasingly vulnerable to ransomware. Examples of the IoT include any electronic device that is connected to the internet: cell phones, pacemakers, electronic components in factories, thermostats, cars, and more.

 

And we can expect the IoT to grow over the next several years. According to a 2016 report on internet security from Symantec, “In the USA, there are 25 online devices per 100 inhabitants, and that is just the beginning. Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, and will reach 20.8 billion by 2020.”

 

What Kinds of Threats Can Be Expected?

According to Pwnie Express’s report, the major IoT device threats in 2016 will be related to:

 

  • Unauthorized, accidental, or misconfigured access points;
  • BYOD and the personalization of (formerly) corporate hardware; and
  • Insecure, misconfigured, and vulnerable IoT devices.

 

Wireless access points can present several vulnerabilities, such as failure to modify default configurations. “Routers, switches, operating systems and even cellphones have out-of-the box configurations that, if left unchanged, can be exploited by individuals who stay abreast of such things.” Brad Casey, Techopedia.com.

BYOD (Bring Your Own Device) policies can also leave your organization vulnerable. In addition to making a tempting target for hackers, users of mobile devices are often not as careful as they need to be when downloading apps. Even more worryingly, according to the report The Internet of Evil Things, “Most security professionals are not ready to monitor or detect less-common RF and off-network IoT devices, 87% cannot see Bluetooth devices, and 87% cannot monitor 4G/LTE devices in real time. Additionally, 71% cannot monitor off-network WiFi devices in real-time and 56% cannot monitor on-network IoT devices in real-time.”

Preparing to Protect Against Vulnerabilities

While many information security professionals seem to be aware of the threats they face from working with mobile devices and the IoT, surprisingly few seem to be prepared for it.

 

For example, The Internet of Evil Things states that 35% of respondents say that their organization has no BYOD policy in place. Further, while 65% of the respondents report that they have a BYOD policy, only 50% of them actually have a way to enforce these policies. Obviously, unenforced policies are an invitation to non-compliance and do not provide real protection.

 

While connected devices offer advantages in terms of flexibility for organizations, they also come with great risks. And with attacks still on the rise in 2016, protecting your business is more important than ever.

What Pokémon Go Reveals about the Future of Business Technology
Sep 6th, 2016 by aperio

Pokémon Go – What Is It?

 

Pokémon is a name derived from “pocket monsters,” and is a hugely popular franchise including the original video game and more. Most recently, the franchise includes Pokémon Go, a free-to-play mobile app that has been enjoying huge success since its release in July 2016. If you have a smartphone, or you know someone who has a smartphone, or if you’ve so much as walked outside recently, odds are good that you’ve encountered Pokémon Go.

 

More than Just Pokémon Go – Augmented Reality

Pokémon Go is a specific example of Augmented Reality (AR). AR creates a blend of the real world and the virtual world. In the case of an app like Pokémon Go, virtual images can be inserted into video that has been captured on a tablet or smartphone. The game uses a phone’s GPS to track a player’s location in the real world and then uses AR to overlay Pokémon on the screen for the players to capture.

 

However, augmented reality has a great deal of potential beyond game play. Future business applications abound, with some already taking place. Examples include:

 

  • Training and Education

“Unlike a real-world training scenario, a trainee can play through an AR situation as many times as they need to grasp a concept or procedure. AR training can also be a lot more elaborate – it’s far simpler to have someone take a virtual car engine apart than a real one – and can be repeated with as many people as necessary.” Nick Heath, ZDNet.

 

  • Retail Applications

There are also potential uses for AR in retail. For example, the companies Cimagine and Shop Direct announced a partnership “…to allow potential customers to virtually place a piece of furniture in their house using their tablet. This works by users taking a snapshot of their room then digitally placing 3D furniture images in the area they want.” Arjun Kharpal and Alice Tidey, CNBC.com.

  • Customer Service

Ian Jacobs predicts that “…in the customer service space smartphone apps will provide virtual overlays of documents, such as account statements, to provide FAQs and display account information…. Technical repairs and training, which currently require in-person interactions or blind step-by-step instructions, will be resolved by two-way video.” Forrester.

 

Pokémon Go Security Concerns

 

With any new technologies there are bound to be new security issues. In its first two months of existence, Pokémon Go has already provided examples of the issues augmented reality may hold for businesses.

 

For instance, Pokémon Go requires users to log in using their Google credentials. Initially, however, this also meant that users were giving the game and its developers full access to their Google account. (This problem has since been resolved, according to later reports.) For a business, this serves as a warning: no matter how tempting the app, your IT department will always need to keep careful track of what apps you allow your employees to download on devices used for work.

As another example, the very popularity of an app like Pokémon Go can make it dangerous. According to Joseph Steinberg at Inc.com, because the game has been available only in a limited number of countries, some people in other countries have obtained it through unofficial channels. As a direct result of this, “… hackers have already successfully posted malware-infected versions of the app in some file sharing services.” This may be of particular concern, given the recent increase in ransomware attacks affecting smaller businesses.

The future of augmented reality promises to provide businesses with both increased opportunities and increased challenges. We can expect to see AR affecting all areas of how people play and work.

 

7 Strategies to Defend Against Cyber-Attacks

Cybercrimes against small to medium-sized businesses are on the rise in the US. Most of these businesses have no idea how secure their computer systems are or how to guard them.

On top of that, these same companies don’t know what government security regulations they have to adhere to, especially when they attempt to implement security policies to protect their data or their clients’ data. A poorly executed or non-existent security plan could result in data loss, client loss, revenue loss and fines from government entities.

If you work at or own one of the companies I just described, it is imperative that you attend our Lunch & Learn, 7 Strategies to Defend Against Cyber-Attacks.

Some of the strategies we will discuss will be the perils of social engineering, training your staff to recognize the signs of a breach, and why constant monitoring of internal and external networks will help detect patterns of cybercrime.

This ESET-sponsored event will include a delicious lunch, raffle prizes, and a Q & A session at the end.

Come to our event and stay ahead of the threat.

You may bring guests.

 
