Webcams, Video Conferencing, Smart Security: All Hackable in Less Than 3 Minutes

Seven common enterprise Internet of Things (IoT) devices, including IP-connected security systems, smart HVACs and energy meters, video conferencing systems and connected printers, have proven to be hackable in less than three minutes.

In tests by ForeScout Technologies and ethical hacker Samy Kamkar (including a physical test situation and analysis from peer-reviewed industry research), the devices were shown to lack embedded security. Some were outfitted with rudimentary security, but Kamkar’s analysis revealed many were found to be operating with dangerously outdated firmware. All of them pose significant risk to the enterprise.

Kamkar’s research included a physical hack into an enterprise-grade, network-based security camera. Entirely unmodified and running the latest firmware from the manufacturer, the camera proved itself vulnerable and ultimately allowed for the planting of a backdoor entryway that could be controlled outside the network. using the very same method that caused the Dyn DDoS attack: exploiting the default password.

View the full article at InfoSecurity Magazine here.