Networked security cameras are the most likely to have vulnerabilities Networked security cameras are the most likely to have vulnerabilities when it comes to securing Internet of Things devices in the enterprise, according to a new report by Zscaler. “I would consider the entire video camera category as particularly dangerous,” said Deepen Desai, director of security research at Zscaler. Take, for example, the Flir FX wireless HD monitoring camera. Researchers found that the camera communicated with the parent company in plain text and without authentication tokens. “The firmware that was being updated was not being digitally signed,” said Desai. That means that attackers have the opportunity to introduce their own, malicious firmware instead, he said. Another camera, the Foscam IP surveillance camera, connects to a web server to stream video to users’ desktops or smartphones. That can be a useful feature, but the user credentials, including the password, are transmitted in plain text, over HTTP, right in the URL. The Axis camera has a remote management console, but it uses basic HTTP authentication, allowing sniffing and man-in-the-middle attacks. Zscaler also found that consumer devices frequently appeared inside enterprises, such as the Chromecast and Roku media players and smart TVs. Zscaler didn’t find any security issues with either the Chromecast or the Roku, but the smart TVs used outdated libraries which could be used to get control of the system. Late last month, a botnet that infected networked devices, cut off access to large areas of the Web. But this isn’t actually the biggest threat that vulnerable IoT devices pose for enterprises, Desai said. But when Zscaler analysed the traffic from enterprise devices, and correlated it with DDoS attacks, there were no spikes. “Based on the analysis that we did, none of the devices that were in our customers’ enterprise networks were affected,” Desai said. “My take on that is that enterprises had their IoT devices properly segmented in the network. The way that the Mirai botnet was propagating, it was preying on weak and default connections.” But just because the most recent round of attacks did not reach these devices, doesn’t mean that companies should get complacent. And the risks are much higher than simply having a device in a network that acts as a DDoS message relay. An infected device can be an access point into an enterprise network. And an infected camera can do even more damage. “If an attacker got access to your video camera, they could see what’s going on in the environment,” he said. So for example, they can see when particular areas are unguarded, to plan both physical attacks and cyber attacks. Desai suggested that enterprises restrict access to IoT devices as much as possible, by blocking external ports or isolating devices on isolated networks, to prevent lateral movement. They should also change default credentials, and set up a process to apply regular security and firmware updates. Related content news analysis Attackers breach US government agencies through ColdFusion flaw Both incidents targeted outdated and unpatched ColdFusion servers and exploited a known vulnerability. By Lucian Constantin Dec 06, 2023 5 mins Advanced Persistent Threats Advanced Persistent Threats Advanced Persistent Threats news BSIMM 14 finds rapid growth in automated security technology Embrace of a "shift everywhere" philosophy is driving a demand for automated, event-driven software security testing. By John P. Mello Jr. Dec 06, 2023 4 mins Application Security Network Security news Almost 50% of organizations plan to reduce cybersecurity headcounts: Survey While organizations are realizing the need for knowledgeable teams to address unknown threats, they are also looking to reduce their security headcount and infrastructure spending. By Gagandeep Kaur Dec 06, 2023 4 mins IT Jobs Security Practices feature 20 years of Patch Tuesday: it’s time to look outside the Windows when fixing vulnerabilities After two decades of regular and indispensable updates, it’s clear that security teams need take a more holistic approach to applying fixes far beyond the Microsoft ecosystem. By Susan Bradley Dec 06, 2023 6 mins Patch Management Software Threat and Vulnerability Management Windows Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe