IoT devices hacked in no time

The just-released "IoT Enterprise Risk Report" study shows the danger that common IoT devices bring to enterprises: Most open up easy access into critical enterprise networks, ForeScout Technologies writes.

From the report "IoT Enterprise Risk.

"The IoT is here to stay, but the proliferation and ubiquity of these devices vastly increases the attack surface - and provides hackers with easy-to-use entry points," said Michael DeCesare, president and CEO, ForeScout Technologies, Inc. "The solution to this problem starts with continuous visibility, transparency and control of IoT devices in real time, from the moment they connect to the network. Because you can't secure what you can't see."

For the study, Samy Kamkar, one of the best-known ethical hackers in the U.S., investigated seven IoT devices commonly used in enterprises, such as IP-connected security systems, smart air conditioners and energy meters, video conferencing systems, and network printers. Based on a physical test as well as analysis of independently peer-reviewed industry research, Kamkar concludes that these devices pose significant risks to enterprises because most lack built-in security features. For those devices that did have rudimentary security features, Kamkar found that many were equipped with dangerously outdated firmware.

As part of his investigation, Kamkar physically hacked into a network-based, enterprise-grade surveillance camera. The camera was not modified in any way and was equipped with the manufacturer's latest firmware. Nevertheless, it proved vulnerable and ultimately enabled the installation of a backdoor that could be controlled from outside the network. To see the entire attack, click here.

Key findings from the "IoT Enterprise Risk Report":

  • The seven IoT devices studied can be hacked in as little as three minutes; in contrast, fixing the problem can take days or weeks.
  • If such a device is infected, hackers can set up backdoors to develop and launch an automated IoT botnet DDoS attack.
  • Using jamming or spoofing techniques, cyber criminals can hack into companies' intelligent security systems and thus take control of motion detectors, locks and surveillance technology.
  • For VoIP phones, configuration settings can be exploited to bypass authentication, giving attackers the ability to listen in and record phone conversations.
  • Hackers can use networked air conditioners and energy meters to overheat critical infrastructure in critical rooms (e.g., server rooms) and cause physical damage.

The IoT continues to spread, and there is nothing to suggest that this trend will slow down. By 2020, 20 billion networked devices are expected, and up to one-third of them could be in use with undetected vulnerabilities in the networks of businesses, government agencies, healthcare facilities, and industrial operations. Hackers, in turn, can easily use insecure devices as a jumping-off point to enter a secure network and ultimately access other enterprise systems that may hold banking data, personnel files or confidential business information.

Study Methodology: For the "IoT Enterprise Risk Report," ForeScout Technologies, Inc. drew on the knowledge of Samy Kamkar, one of the world's leading white-hat hackers. He was commissioned to investigate the security risks posed by IoT devices in enterprise environments. The study aimed to uncover vulnerabilities in enterprise-grade technologies, using both physical testing and peer-reviewed industry research.

 
