ECA Services - Hackable in 3 Minutes

Hackable in 3 Minutes

In News by cbetton

ECA Services - Hackable in 3 MinutesAs of June 2016, 65% of enterprises have deployed IoT applications. By 2018, 2/3 of said enterprises will experience breaches in security due to those applications. When you consider there are almost 6.5 billion devices already in use today, with a projected 20 billion by 2020, it’s undeniable to see that IoT is truly here to stay, but can we say the same for its security.

Recent findings from ForeScout Technologies and their “IoT Enterprise Risk Report” have highlighted the severe and quite concerning security limitations that surround enterprise IoT devices. Vulnerabilities in enterprise-grade technology are posing significant risks, not just to networks and systems, but the overall security of organisations around the world. Most enterprise IoT devices are hackable in less than three minutes and it can take days, weeks or even months to assess the situation, repair the damage and reinforce security. With millions of wireless devices scattered throughout our national infrastructure, each being a gateway to a much wider enterprise network, it’s clear that IoT growth has helped to grow the surface area for attack.

Hackers can plant back doors, jam communications and spoof systems, giving them access and control over what is now a rather diverse range of IoT applications. ForeScout has split the dangers in 3 rankings – disastrous, disruptive and damaging.

  • Disastrous
    • Security Systems
      • Operating wirelessly; hackers can take advantage of unencrypted RF technology, granting them the ability to send false triggers, access control systems, turn off sensors, remotely operate door locks and even redirect or switch off surveillance equipment.
    • Climate Control
      • Heating, Ventilation and Air Conditioning (HVAC) technology typically operates on the same network as connected infrastructure, leaving the entire system open to attack once it’s been breached. HVAC can give attackers the ability to change climate conditions, forcing rooms to overheat and cause damage.
  • Disruptive
    • Video Conferencing
      • Internet-based conference calling can mostly be operated with a single click, leaving the system vulnerable to attack. Considering that most video conferencing facilities are placed in sensitive areas, hackers can not only gain access to microphones, cameras, software and data, but also corporate information that might not be suitable for the public domain.
    • VoIP Phones
      • VoIP phones provide a wide range of additional features; however they also act as a gateway to a wider network. Microphones and speakerphones can be hacked just from knowing the phone’s IP address.
  • Damaging
    • Smart Refrigerators
      • Smart fridges can now be connected to Wi-Fi with screens that can run a variety of applications. Due to the low-risk nature of such a device, security certificates aren’t always up-to-date. Hackers can essentially modify the traffic between the appliance and the server, granting them access to the wider network and the credentials stored on it.
    • Smart Lighting
      • Hackers need only be within Wi-Fi range to access a network through a smart light bulb. Once hacked, they can access credentials for other devices – from laptops and tablets to manufacturing systems and automation lines.

Many of these innovative technologies have been found to have outdated firmware and are not built with embedded security framework. The drive to bring IoT applications to the market is outweighing our focus on security – essential sacrificing our physical and digital safety. From back doors and malware to credential theft and fraud; hackers could soon have access to both the networks we use and the data we store on them.

As we store more information online, we need our devices, our systems and our applications to consider security as highly as we do as individuals. 20 billion devices, 1/3 of which could be vulnerable – IoT is showing no signs of slowing down so neither should our efforts in security.