Forescout Reveals Risk of Enterprise IoT Devices Utilizing Unencrypted Protocols
- Newly formed
Forescout Research Labsaims to execute pioneering research on the threats facing network connected enterprise devices
- Latest research demonstrates ease with which malicious actors could disrupt the normal functioning of a smart building by attacking its video surveillance systems
- Research exploits unencrypted video streaming protocols of a surveillance camera as an example of a cyber-physical attack
“Today’s connected world is made up of billions of devices that use a myriad of operating systems and network protocols to exchange data across industries and boundaries,” said
To demonstrate the cyber risks of a smart building,
The research highlights the following findings:
- Many IoT devices, including surveillance cameras, are set up by default to communicate over unencrypted protocols, allowing for traffic sniffing and tampering of sensitive information.
Forescout Research Labsdemonstrated how sensitive information could be tampered with using surveillance cameras commonly used by enterprises. Researchers successfully replaced a network video recorder’s footage with previously recorded fake content.
- Compromising the video surveillance system is an example of a cyber-physical attack.
- A search on Shodan pulled up nearly 4.7 million devices that could be potentially impacted by using these unencrypted protocols.
“We are at the forefront of the IT/OT convergence that brings massive benefits to enterprises, but unfortunately it also comes with an increased level of cyber risk,” continued Costante. “You can expect to hear more from our team as we set out on a mission to educate the market on how to protect businesses and infrastructures from the bad actors that leverage device, network, and protocol vulnerabilities to damage or disrupt their functions.”
- Forescout Device Cloud Report revealed cybersecurity risks associated with today’s healthcare IT environments; OT systems represent a growing attack surface.
- The Role of Cybersecurity in M&A Diligence examined the growing concern of cyber risks and the importance of cyber assessment during M&A and the subsequent integration process.
Forescoutperformed an exercise in vulnerability and malware research for devices commonly used in building automation system (BAS) networks.
Media Relations Contact:
Investor Relations Contact:
Source: ForeScout Technologies, Inc.