New research led by "ethical hacker" Samy Kamkar highlights common enterprise IoT devices that are hackable within three minutes.
The report from ForeScout delves into the specific vulnerabilities of seven IoT devices found in enterprise environments. Attackers can easily recruit an army of IoT devices to launch a wide-scale distributed denial-of-service (DDoS) attack due to the volume of these devices and their ease of infiltration.
Pedro Abreu, ForeScout's chief of strategy, tells us that as more IoT devices connect to the enterprise, they are becoming the "path of least resistance" for hackers to gain access to the network.
"Protection in the age of IoT is all about visibility," he says. "Organizations need the ability to see devices the instant they connect to their network and then control their access based on the device security posture and behavior."
Kamkar's research focused on seven common enterprise IoT devices, including IP-connected security systems, smart HVACs and energy meters, video conferencing systems and connected printers, among others. According to his observations from a physical test situation and analysis from peer-reviewed industry research, these devices pose significant risk to the enterprise because the majority of them are not built with embedded security. Of the devices that were fitted out with rudimentary security, many were found to be operating with "dangerously outdated firmware."
Key findings of the report include:
The seven identified IoT devices can be hacked in as little as three minutes, but can take days or weeks to remediate.
Should any of these devices become infected, hackers can plant backdoors to create and launch an automated IoT botnet DDoS attack.
Cyber criminals can leverage jamming or spoofing techniques to hack smart enterprise security systems, enabling them to control motion sensors, locks and surveillance equipment.
With VoIP phones, exploiting configuration settings to evade authentication can open opportunities for snooping and recording of calls.
Via connected HVAC systems and energy meters, hackers can force critical rooms (e.g. server rooms) to overheat, harming critical infrastructure and ultimately causing physical damage.
"Our research involved a physical hack into an enterprise-grade, network-based security camera," Abreu said. "The camera was running the latest firmware, yet we were able to hack into it using the very same method that caused the Dyn DDoS attack [last Friday]: exploiting a default password. The most concerning part about this was that we were able to plant a backdoor that could be exploited even after the password was fixed and patches made."
The IoT footprint continues to expand, showing little to no signs of slowing down. Gartner predicts that 20 billion connected devices will be deployed by 2020, with as many as a third of these sitting unknowingly vulnerable on enterprise, government, healthcare and industrial networks globally. In turn, hackers are now easily able to pivot on insecure devices into the secure network, and ultimately access other enterprise systems that could store bank account information, personnel files or proprietary business information.
— Edward Gately, Contributing Editor, Channel Partners