Vulnerabilities in Internet of Things (IoT) Devices

Forescout researchers discovered vulnerabilities in IoT devices such as IP cameras, IoT gateways, smart lights, and motion sensors, which could allow malicious actors to penetrate business networks and perpetrate criminal activities. More specifically, the vulnerabilities in surveillance cameras, which are trusted for the physical security of buildings and personnel, may be discoverable via the Shodan IoT device search engine and could allow for remote code execution, complete takeover of the cameras, and manipulation of live-streamed footage to hide evidence of crimes. The researchers observed weak security protocols such as default login credentials. They also demonstrated a MitM attack between the camera and computer, and modified the footage to display pre-recorded images to hide actual criminal activity occurring. The NJCCIC recommends IoT device users install updates when available, place devices behind a firewall, and modify default credentials and configuration settings. Please review the Forescout report for more information about their findings.