Beware the IoT spy in your office or home via smart furniture, warns NSA

On this last day of National Cyber Security Awareness Month, which is also Halloween, let’s look at something “scary” – if you value privacy and security – as was pointed out recently by the NSA.

Years ago, it became a challenge to find a decent new TV which wasn’t “smart,” but now the NSA has warned that the same may become true for office furniture!

Why is the NSA talking about IoT office furniture? Because the agency has to buy desks and chairs the same as any other business. If that furniture is “smart”? Well then, that’s one more potential entry point into a network or an avenue for threat actors to gather sensitive information.

Apparently, connected office furniture is part of a growing business trend; IoT connectivity allows for the wireless tracking of how efficiently the workforce uses equipment and spaces. Data from integrated sensors in “smart” furniture is supposed to help companies improve workers’ productivity and potentially maximize existing spaces such as use it or lose it.

In the article, Connected Desks Aren’t What They Used to Be, the NSA wrote:

However, this connectivity and information gathering raises security and privacy considerations. As connected furniture becomes more common, you’ll want to consider potential vulnerabilities that may be integrated as part of an IoT wireless solution (e.g. the sensors themselves). Cloud infrastructures pose another potential vulnerability as more and more devices use the Cloud for data storage and are at risk for this information to be stolen. Privacy concerns may include the risk of revealing personally identifiable information (PII), through either accidental or intentional malicious efforts to extract information.

An October 2018 research report, China’s Internet of Things (pdf), was a project conducted by “SOSi’s Special Programs Division (SPD), the premier open source and cultural intelligence exploitation cell for the U.S. intelligence community.”