New research from security firm Cato Networks has highlighted the potential security risks of Amazon Sidewalk and other consumer services that connect to corporate networks, risks that stem from a lack of visibility. The research has also uncovered a new use of Houdini malware to spoof devices and exfiltrate data in the User-Agent field, a method often undetected by existing security systems. The findings come as large numbers of employees continue to work from home and connect to corporate networks remotely.
What is Amazon Sidewalk?
Amazon Sidewalk is a free service (currently only available in the US) that extends the internet connection of low-power, long-range, low-data Amazon devices, such as select Echo and Ring models, beyond a home network to a shared local network. Operating in the LoRa 900 MHz spectrum, it uses a small amount of a user’s internet bandwidth, shares it with nearby Amazon devices, and creates a mesh network to keep devices connected to the internet when a home internet connection fails or is weak.
Amazon Sidewalk Security Risks
Amazon said, “Preserving customer privacy and security is fundamental to the design of Amazon products and services, and Amazon Sidewalk provides multiple layers of privacy and security to secure data flowing over the network and to keep customers safe and in control.” As such, it has implemented technologies such as data minimization, encryption, and trusted device identities to keep Amazon Sidewalk users safe.
However, according to the Cato Networks Q2/21 SASE Threat Research Report, the potential security concerns associated with its use may interfere with effective risk assessment. Etay Maor, cybersecurity researcher and director of security strategy at Cato Networks, told CSO: “The threat that Sidewalk poses from a security perspective is the inherent lack of visibility that IT has into the flow of data. Sidewalk is too new to know what vulnerabilities might exist, and CISOs and their teams will find it difficult to mitigate those risks, as everything that happens in the Sidewalk tunnel will be invisible to IT.”
When a CISO lacks visibility into the types of devices that connect to the organization’s network, there’s no way of knowing what risks they may present, he says. “Are they infected? Do they have current anti-malware software? What about the fact that it connects to the neighbor’s networks? These (and others) are all unknowns because the devices themselves are unknown.” Another potentially risky aspect of the Sidewalk service is the lack of data control, he adds. “Where does the data go? How do third-party developers fix and update software?” Cato Networks has detected hundreds of thousands of Sidewalk feeds, with some companies having hundreds of these devices.
To mitigate the network security risks posed by consumer services and by the device spoofing related to Houdini malware, Maor says CISOs should look for threat symptoms found in the network layer. “C&C communications, for example, bear telltale signs such as periodic communication with servers infrequently visited by users in areas of poor reputation. By looking for the symptoms and not the explicit attack signature, you will be able to detect Sidewalk threats. Context sharing between network and security products is essential here.”
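
The network-layer symptom Maor describes, periodic communication with servers that users rarely visit, can be checked against proxy or flow logs. The Python below is an added example, not code from Cato Networks or from this article; the log layout, host names and thresholds are constructed assumptions, and reputation scoring is left out.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_sample():
    """Constructed proxy-log events: (epoch_seconds, client, destination)."""
    events = []
    # host-17 calls one otherwise unvisited server about every 300 s.
    for i, jitter in enumerate([0, 4, -3, 2, -5, 1, 3, -2]):
        events.append((1000 + i * 300 + jitter, "host-17", "cdn-sync.example.test"))
    # Three clients poll a shared time service every 600 s: periodic but common.
    for n, client in enumerate(["host-01", "host-02", "host-17"]):
        events += [(500 + n * 7 + i * 600, client, "time.example.test") for i in range(6)]
    # Ordinary, irregular browsing.
    for ts, client in [(1010, "host-01"), (1900, "host-01"),
                       (1230, "host-02"), (3100, "host-02")]:
        events.append((ts, client, "intranet.example.test"))
    return events

def find_beacons(events, min_events=6, max_cv=0.10, max_clients=1):
    """Flag client/destination pairs that are both periodic and rarely visited."""
    by_pair, clients_per_dst = defaultdict(list), defaultdict(set)
    for ts, client, dst in events:
        by_pair[(client, dst)].append(ts)
        clients_per_dst[dst].add(client)
    findings = []
    for (client, dst), stamps in by_pair.items():
        # Symptom 1: few clients ever talk to this destination.
        if len(clients_per_dst[dst]) > max_clients or len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Symptom 2: near-constant interval (low coefficient of variation).
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            findings.append({"client": client, "dst": dst,
                             "period_s": round(avg), "cv": round(cv, 3)})
    return findings

if __name__ == "__main__":
    for hit in find_beacons(build_sample()):
        print(hit)
```

Periodicity alone would also flag the shared time service; combining it with destination rarity is what isolates the single suspicious pair in the sample.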
Copyright © 2021 IDG Communications, Inc.