The seven IoT devices that could be putting your business at risk
We've already seen concerns about the threats Internet of Things gadgets may pose in the home, with hackable Barbie dolls and snooping Smart TVs. Not to mention that the latest Dyn DDoS attack was carried out using unsecured IoT devices.
IoT devices are starting to become commonplace in businesses too so the potential for problems can only grow. Security company ForeScout, along with leading ethical hacker Samy Kamkar, has been investigating the risks these devices pose.
The research looked at seven common enterprise IoT devices: IP-connected security systems, smart climate control systems and energy meters, video conferencing systems, connected printers, VoIP phones, smart fridges and smart light bulbs. According to Kamkar, from a physical test situation and analysis from peer-reviewed industry research, these devices pose significant risk to the enterprise because the majority of them aren't built with embedded security. Even if the devices do have rudimentary security, Kamkar's analysis reveals many are operating with dangerously outdated firmware.
Many of the devices can be hacked in less than three minutes, but the damage done could take weeks or months to sort out. Cyber criminals can use jamming or spoofing techniques to hack smart enterprise security systems, enabling them to control motion sensors, locks and surveillance equipment.
Hacking VoIP phones and exploiting configuration settings to evade authentication can open opportunities for snooping and recording of calls. Also by tampering with heating and ventilation control systems and energy meters, hackers could force critical areas like server rooms to overheat and ultimately cause damage to critical infrastructure.
"IoT is here to stay, but the proliferation and ubiquity of these devices in the enterprise is creating a much larger attack surface -- one which offers easily accessible entry points for hackers," says Michael DeCesare, president and CEO of ForeScout Technologies. "The solution starts with real-time, continuous visibility and control of devices the instant they connect -- you cannot secure what you cannot see".
More details of how poorly secured IoT devices can be exploited can be found in the full report on the ForeScout site.
Photo credit: Olivier Le Moal / Shutterstock