IofT.jpgThe Internet of Things Raises Risks

Imagine if all of the multi-function printer units in your organization sent an electronic copy of every document that is scanned, copied, or printed to a remote attacker. It happens. Now imagine if someone could tap the microphones in all of your office’s conferencing equipment. It also happens – without your knowledge.

The Internet of Things (IoT) is becoming a prime target for hackers in 2016. The IoT consists of devices such as printers, security cameras, door access control and HVAC that are connected to the Internet – providing convenience and control to the organization. Gartner predicts there will be 6.4 billion ‘things’ connected electronically in 2016, a 30 percent increase from last year, and that the number will jump to 21 billion within five years.

In many cases, these systems are installed by third parties, with limited visibility available to the IT staff of the organization. As a result, unsuspecting organizations are creating enormous vulnerabilities which allow hackers to monitor the happenings of offices, undetected by its staff. For those that are interested in stealing trade secrets and operational data, the IoT offers unimaginable access to every detail of an organizations’ strategic and tactical direction.

Penetration Testing Uncovers Vulnerabilities

A penetration test is perfectly suited to explore the impact of network-connected devices on the operational security of an organization. A team of skilled penetration testers can demonstrate how these devices can be used to extract sensitive intelligence about a company or impact operations. I find it ironic that our teams often find vulnerabilities in the security appliances and monitoring devices that enable us to compromise our clients’ networks.

Here are a few examples of what our penetration testers have uncovered:

  • Vulnerabilities in door lock systems that allow us to enter an organization’s premises after it’s locked up for the night
  • Capability for outsiders to monitor audio feeds of the CEO’s private meeting room
  • Ability to disable cameras within the organization
  • Through hacked camera feeds, we could watch the comings and goings of employees. Imagine timing an attack to occur when the IT staff is out to lunch.

As innovation in technology brings convenience to our daily lives, we have to identify and minimize the potential vulnerabilities these technologies create. With the forecast for connected things exploding to 21 billion in five years, organizations need to understand the inherent security risks of the IoT and apply penetration testing to safeguard their networks.

 

For weekly insights into cybersecurity, please sign up here:

Subscribe to HORNE Cyber Blog

COMMENTS

THIS POST WAS WRITTEN BY Wesley McGrew

Wesley serves as the director of cyber operations for HORNE Cyber. Known for his work in offensive information security and cyber operations, Wesley specializes in penetration testing, network vulnerability analysis, exploit development, reverse engineering of malicious software and network traffic analysis.

Find me on: