People often search for Wi-Fi whenever they’re outwith the comfort of their homes and offices, or when they’re travelling for any particular reason. The trouble is that public Wi-Fi is often insecure, and this could allow someone to hack into their laptops, their tablet computers and their smart phones without them knowing what’s going on until it’s too late, writes Michael Wakley.
All of this can be done from just a few yards away, or even from miles away – enabling hackers to take control of computers as well as steal passwords and sensitive data that may eventually lead to financial or reputational loss for the unsuspecting victims.
Wi-Fi isn’t sufficiently secure for a number of applications, including water leak detection. A report published by Positive Technologies claims that, in 92% of cases, its researchers were able to externally penetrate 92% of companies’ internal networks in penetration tests conducted last year. The researchers also found that, at 87% of its tested clients: “Wi-Fi networks were accessible from outside of the client premises, such as from a nearby cafe, car park or public waiting area.” The culprit was often weak Wi-Fi security, which on 63% of systems enabled access to resources on the given company’s local network.
Positive Technologies finds that many firms are either failing to encrypt their Wi-Fi traffic or neglecting to implement Wi-Fi authentication. They’re using weak protocols such as WPA2/PSK or WPA/EAP. Even firewalls, which are used to protect web applications, strong Wi-Fi authentication, strong and unique passwords or employees trained to recognise phishing attacks are not enough. Unpatched systems can often leave at least one door open to the cyber attackers.
Many water leak detection devices use Wi-Fi as their means of connectivity to the Internet, and so the threat of being hacked is a real concern for users such as commercial building owners, insurers, property managers and facilities managers.
In the age of the Internet of Things (IoT), devices such as water leak detection systems are not immune from hacking. Tom Jowitt, writing for Silicon UK in March this year, found ‘IoT Devices Under Constant Attack’. He cites research by Cyxtera and the Singapore University of Technology and Design, which discovers that there a number of sustained cyber attacks on IoT devices coming mostly from China. IoT devices, including water leak detection systems, must therefore be secured.
“They detected more than 150 million connection attempts to 4,642 distinct IP addresses of IoT devices, and it seems that most of the attacks are stemming from China,” said Jowitt. The paper, entitled ‘Detection of Threats to IoT Devices Using Scalable VPN-Forwarded Honeypots’ states that attacks on ‘honeypotted’ IoT devices have intensified over the last few years. This is because they’re open to be discovered and exploited on the Internet, thereby revealing unknown vulnerabilities.
Jowitt added: “Over a couple of years, researchers detected more than 150 million connection attempts to 4,642 distinct IP addresses…And the researchers said that all of their honeypot IoT devices saw attempted logins immediately upon coming online, and the number of login attempts increased steadily over time…to make matters worse, within days of new malware campaigns going public, those malware families were used to attack IoT devices from the honeypot.”
Technopedia describes a honeypot as: “…a decoy computer system for trapping hackers or tracking unconventional or new hacking methods. Honeypots are designed to purposely engage and deceive hackers and identify malicious activities performed over the Internet. Multiple honeypots can be set on a network to form a honeynet.”
It’s also worth remembering another weakness of Wi-Fi: if it goes down, so can IoT devices such as water leak detection. Therefore, it’s important to consider the alternatives to public Wi-Fi, or even to some private Wi-Fi offerings. For example, Vodafone’s White Paper ‘Narrowband-IoT: Pushing the Boundaries of IoT’ claims: “Security is important in any IoT deployment. Narrow band Internet of Things (NB-IoT) inherits LTE’s strong security features, making it the safest choice.”
The company, which is working with water leak detection service providers, adds: “Securing ultra-simple devices is challenging. The limited bandwidth and processing power make even foundational security practices like authentication and encryption non-trivial. Proprietary LPWA technologies don’t do enough. While LoRa encrypts its traffic, Sigfox doesn’t. Both are vulnerable to jamming. NB-IoT inherits LTE’s authentication and encryption. NB-IoT mutually authenticates the network and the device and it encrypts traffic between the device and deep within the core network.”
By using LTE, which is a 4G mobile communications standard for connectivity, water leak detection devices will remain live, whether or not any Wi-Fi is working. This means that a greater level of uptime can be achieved. Subsequently, this reduces the risk of a leak going undetected.
With a Wi-Fi-based water leak detection system that’s gone down, and as Wi-Fi often has to be switched on and off to restore a connection, or if it needs more serious work to have it back up and running, there’s always the risk that a burst pipe could go undetected. This could cause a significant amount of damage.
Limitations of buildings
Not all Wi-Fi systems will work well with certain buildings, too. Some buildings are built in such a way that the signals can’t pass through. Security is but one of the concerns – even for applications such as water leak detection.
We recently completed a trial with a large American insurance group. The trial involved installing 20 water leak detection systems linked to Wi-Fi. It took us two hours to install the systems, and Wi-Fi specialists two days to configure the Wi-Fi in a high net worth house. We all know in our own properties that our Wi-Fi system has dead spots. All you can do is put boosters in around the property, but you cannot resolve dead spots.
In contrast, using alternative technologies like NB-IoT devices can gain deep in-building penetration. The aim is to deliver a good customer experience from a good piece of kit, otherwise you’re in danger of losing your customer.
While many companies and even some insurance firms are offering water leak detection solutions that run on Wi-Fi, his firm has opted to use NB-IoT and low-power Wide Area Networks (LPWANs) to optimise security, and data accessibility from the perspective of being able to monitor any water leaks within a building – whether that be an office or a private home.
We use a standalone network because Wi-Fi is insufficiently secure and, if your Wi-Fi goes down, your leak detection also goes down. NB-IoT has nothing to do with your Wi-fi network at home. With leak detection, it’s important to have an independent system that doesn’t rely on a Wi-Fi connected home.”
Insurance companies are understandably concerned about protecting data. With public, unprotected Wi-Fi, hackers can launch an attack and gain access through the back door. It’s crucial to ensure that your Wi-Fi’s protected. Hackers love gaining access to unsecured PCs, laptops and device cameras. The prospect of this is quite scary because once they’ve hacked into your Wi-Fi network, they can access everything on it and potentially gain access to any cameras in the building.
We’re using LPWAN and NB-IoT networks to ensure that water leak detection systems are easily secured and accessible from any device.
Network security tips
As the reliability of water leak detection has insurance implications, the first tip is to install either LPWAN or NB-IoT solutions that enable leaking water to be monitored and turned off remotely. Avoid public or even private Wi-Fi because of its security and in-building coverage shortcomings.
As a third tip, it’s important to explore low-powered WANs as a more secure way of transmitting water leak detection data. It may also be wise to consider whether an individual sitting in a cafe and using a non-secure public Wi-Fi to control their leak detection system is covered from an insurance policy perspective. They could leave their organisation’s data exposed to attack. It’s important to ensure that all bases are covered.
The fourth tip is about making sure that insurance companies support any installed leak detection solutions – particularly so to consider whether they offer any cost-savings. Having leak detection systems installed in a property or development will reduce the insurance risk, and this may translate as lower premiums or excess.
Ultimately, with regards to Wi-Fi it’s important to realise that firewalls are not always able to protect data from a hacker’s attack. Organisations therefore need to consider how to protect their applications, data and networks whenever they’re in the field – even if this is for monitoring and preventing water or gas leaks remotely.
Without stringent security, even a hacked Wi-Fi-based water leak detection solution could lead to data protection failures. It could even lead to a calamity such as water being turned on to flood a property rather than being turned off to protect it. Wi-Fi simply isn’t secure enough for water leak detection and remote risk monitoring when considered in comparison to NB-IoT or LP-WAN based systems.
Michael Wakley is CEO of LeakSafe