Newsroom

Forescout reveals risk of enterprise IoT devices utilising unencrypted protocols

Forescout

  • Newly formed Forescout Research Labs aims to execute pioneering research on the threats facing network connected enterprise devices
  • Latest research demonstrates ease with which malicious actors could disrupt the normal functioning of a smart building by attacking its video surveillance systems
  • Research exploits unencrypted video streaming protocols of a surveillance camera as an example of a cyber-physical attack

Sydney, Australia – Forescout Technologies, Inc. (NASDAQ: FSCT), the leader in device visibility and control, has announced new research, Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT,” which investigates how surveillance cameras, smart lights, and other Internet of Things (IoT) devices within smart buildings could be attacked by cyber criminals and how to mitigate those attacks.

Elisa Costante, Sr. Director of Forescout Research Labs, said, “Today’s connected world is made up of billions of devices that use a myriad of operating systems and network protocols to exchange data across industries and boundaries. We created Forescout Research Labs to explore the security implications of this hyper-connected world and research the associated threats and risks coming from these devices.”

To demonstrate the cyber risks of a smart building, Forescout Research Labs set up a real-world smart building environment containing video surveillance, smart lighting, and other IoT devices, and analysed how an attacker could obtain initial access to this network and some of the attacks they could implement for each subsystem.

The research highlights the following findings:

  • Many IoT devices, including surveillance cameras, are set up by default to communicate over unencrypted protocols, allowing for traffic sniffing and tampering of sensitive information.
  • Forescout Research Labs demonstrated how sensitive information could be tampered with using surveillance cameras commonly used by enterprises. Researchers successfully replaced a network video recorder’s footage with previously recorded fake content.
  • Compromising the video surveillance system is an example of a cyber-physical attack.
  • A search on Shodan pulled up nearly 4.7 million devices that could be potentially impacted by using these unencrypted protocols.

“We are at the forefront of the IT/OT convergence that brings massive benefits to enterprises, but unfortunately it also comes with an increased level of cyber risk,” said Costante. “You can expect to hear more from our team as we set out on a mission to educate the market on how to protect businesses and infrastructures from the bad actors that leverage device, network, and protocol vulnerabilities to damage or disrupt their functions.”

Forescout Research Labs will leverage unique insights and data gathered from the Forescout Device Cloud, which is one of the world’s largest crowdsourced device repositories and now contains more than 10 million devices from nearly 1,200 customers who share anonymised device insights.

Read the blog and the full report to learn more about the research into how IoT devices can be leveraged as an entry point to a building’s network.

Other recent research:

About Forescout

Forescout Technologies, Inc. provides security at first sight. Our company delivers device visibility and control to enable enterprises and government agencies to gain complete situational awareness of their environment and orchestrate action. Learn more at www.forescout.com.

© 2019 Forescout Technologies, Inc. All rights reserved. Forescout Technologies, Inc. is a Delaware corporation. A list of our trademarks and patents can be found at https://www.forescout.com/company/legal/intellectual-property-patents-trademarks. Other brands, products, or service names may be trademarks or service marks of their respective owners.

Home