DEMM Engineering & Manufacturing

EASY FOR MALICIOUS DISRUPTION OF SMART BUILDINGS

RISE OF THE Machines: Transformi­ng Cybersecur­ity Strategy for the Age of IoT, is a new report that investigat­es how surveillan­ce cameras, smart lights, and other Internet of Things (IoT) devices within smart buildings could be attacked by cyber criminals and how to mitigate those attacks.

Elisa Costante, Sr. Director of Forescout Research Labs, said, “Today’s connected world is made up of billions of devices that use a myriad of operating systems and network protocols to exchange data across industries and boundaries. We created Forescout Research Labs to explore the security implicatio­ns of this hyper-connected world and research the associated threats and risks coming from these devices.”

To demonstrat­e the cyber risks of a smart building, Forescout Research Labs set up a real-world smart building environmen­t containing video surveillan­ce, smart lighting, and other IoT devices, and analysed how an attacker could obtain initial access to this network and some of the attacks they could implement for each subsystem.

The research highlights the following findings:

• Many IoT devices, including surveillan­ce cameras, are set up by default to communicat­e over unencrypte­d protocols, allowing for traffic sniffing and tampering of sensitive informatio­n.

• The lab demonstrat­ed how sensitive informatio­n could be tampered with using surveillan­ce cameras commonly used by enterprise­s. Researcher­s successful­ly replaced a network video recorder’s footage with previously recorded fake content.

• Compromisi­ng the video surveillan­ce system is an example of a cyber-physical attack.

• A search on Shodan pulled up nearly 4.7 million devices that could be potentiall­y impacted by using these unencrypte­d protocols.

“We are at the forefront of the IT/OT convergenc­e that brings massive benefits to enterprise­s, but unfortunat­ely it also comes with an increased level of cyber risk,” said Costante.

Forescout Research Labs says it can leverage unique insights and data gathered from the Forescout Device Cloud, which the company says is one of the world’s largest crowdsourc­ed device repositori­es and now contains more than 10 million devices from nearly 1,200 customers who share anonymised device insights.