Report reveals smart buildings are open to malicious attack

Forescout Research Labs has demonstrated how easily cyber hackers could disrupt the functioning of a smart building via its video surveillance systems. Established to investigate threats facing network-connected enterprise devices, Forescout researchers exploited unencrypted video streaming protocols of a surveillance camera as an example of a cyber-physical attack.

The report ‘Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT’ details the research investigating how surveillance cameras, smart lights and other Internet of Things (IoT) devices within smart buildings could be attacked by cybercriminals and how to mitigate those attacks.

Elisa Costante, Sr Director of Forescout Research Labs, said, “Today’s connected world is made up of billions of devices that use a myriad of operating systems and network protocols to exchange data across industries and boundaries. We created Forescout Research Labs to explore the security implications of this hyperconnected world and research the associated threats and risks coming from these devices.”

To demonstrate the cyber risks of a smart building, Forescout Research Labs set up a real-world smart building environment containing video surveillance, smart lighting and other IoT devices, and analysed how an attacker could obtain initial access to this network and some of the attacks they could implement for each subsystem.

The research revealed:

• Many IoT devices, including surveillance cameras, are set up by default to communicate over unencrypted protocols, allowing for traffic sniffing and tampering of sensitive information.
• Sensitive information could be tampered with using surveillance cameras commonly used by enterprises. Forescout Research Labs researchers successfully replaced a network video recorder’s footage with previously recorded fake content.
• Compromising the video surveillance system is an example of a cyber-physical attack.
• A search on Shodan pulled up nearly 4.7 million devices that could be potentially impacted by using these unencrypted protocols.
   

“We are at the forefront of the IT/OT convergence that brings massive benefits to enterprises, but unfortunately it also comes with an increased level of cyber risk,” said Costante.

“You can expect to hear more from our team as we set out on a mission to educate the market on how to protect businesses and infrastructures from the bad actors that leverage device, network and protocol vulnerabilities to damage or disrupt their functions.”

Read the blog and the full report to learn more about the research into how IoT devices can be leveraged as an entry point to a building’s network.

Image credit: ©stock.adobe.com/au/NAKHARIN