Forescout Reveals Risk of Enterprise IoT Devices Utilizing Unencrypted Protocols

Forescout Reveals Risk of Enterprise IoT Devices Utilizing Unencrypted Protocols

bigstokphoto

Researchers recently showed how security flaws in IoT surveillance cameras can allow hackers to remotely gain access to networks and manipulate video feeds.

Forescout Technologies, a company specializing in device visibility and control, has been investigating how surveillance cameras, smart lights, and other IoT devices within smart buildings could be attacked by cybercriminals and how to mitigate those attacks. The company published its findings in a report, titled “Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT.”

To demonstrate the cyber risks of a smart building, Forescout Research Labs set up a real-world smart building environment containing video surveillance, smart lighting, and other IoT devices, and analyzed how an attacker could obtain initial access to this network and some of the attacks they could implement for each subsystem.

The research highlights the following findings:

  • Many IoT devices, including surveillance cameras, are set up by default to communicate over unencrypted protocols, allowing for traffic sniffing and tampering of sensitive information. 
  • Forescout Research Labs demonstrated how sensitive information could be tampered with using surveillance cameras commonly used by enterprises. Researchers successfully replaced a network video recorder’s footage with previously recorded fake content. 
  • Compromising the video surveillance system is an example of a cyber-physical attack.
  • A search on Shodan pulled up nearly 4.7 million devices that could be potentially impacted by using these unencrypted protocols.

“Today’s connected world is made up of billions of devices that use a myriad of operating systems and network protocols to exchange data across industries and boundaries,” said Elisa Costante, head of Forescout Research Labs, Forescout. “We created Forescout Research Labs to explore the security implications of this hyper-connected world and research the associated threats and risks coming from these devices.”