Seven common enterprise Internet of Things (IoT) devices have proven to be hackable in less than three minutes, including IP-connected security systems, smart HVACs and energy meters, video conferencing systems and connected printers.
ForeScout Technologies and ethical hacker Samy Kamkar conducted tests, including a physical test situation and analysis from peer-reviewed industry research, to show the devices lack embedded security. Some were outfitted with rudimentary security, but Kamkar’s analysis revealed that many were operating with dangerously outdated firmware. All of them pose significant risk to the enterprise.
Kamkar’s research included a physical hack into an enterprise-grade, network-based security camera. Entirely unmodified and running the latest firmware from the manufacturer, the camera proved to be so vulnerable that it allowed a backdoor to be planted that could then be controlled from outside the network. This is the very same method that caused the Dyn DDoS attack: exploiting the default password.
In another test, it proved easy to leverage jamming or spoofing techniques to hack smart enterprise security systems, enabling attackers to control motion sensors, locks and surveillance equipment.
View the full article at Infosecurity Magazine here.
Story credit: Integrate Expo
This article was originally published by the Security Exhibition’s sister event, Integrate Expo. Find out more about Integrate here.
About the author: Tara Seals, US/North America News Reporter, Infosecurity Magazine.