Is this the ironic security lesson that will wake the IoT industry and users up from cyber-complacency?
The risks of IoT are slowly surfacing with wider adoption taking place across the globe.
In a massive cyberattack and stroke of irony last month, Verkada, a Silicon Valley startup specializing in security surveillance, lost control of its own network of IP cameras when hackers obtained ‘root’ access on the connected devices. This enabled the criminals to use the IoT devices as a launching point for attacks laterally across the entire enterprise network.
With this super user access to the security cameras, the hackers were able to stream live feeds of every Verkada customer’s camera network. Here is the stinger: Verkada’s large customer base includes large enterprises like Tesla, public jails, hospitals, and schools.
In addition to the 150,000 live video feeds accessed, the hackers were able to download all archived videos—a sizeable bounty. Without a quick fix, many of these organizations had to shut down their network of security cameras to prevent unauthorized access.
Internet of Things or Threats
IoT devices present a huge attack surface and can be easy for cybercriminals to hack into, if certain precautions and settings are not addressed:
- Devices with little to no built-in security measures are deployed
- Devices that run on simple or legacy operating systems
- Weak, easy-to-guess passwords are used to restrict access
- The firmware and software are difficult to update
According to Check Point Software Technologies, IoT devices have unique characteristics depending on the type of device functionality, operating systems, and so on. They also often use proprietary protocols that are difficult to understand, making it difficult for IT and network managers to set security policies.
Many of them are also left unmonitored, meaning that although these devices are connected to any given network, it is extremely difficult to control them, view them, and create policies for these devices unless AI-automated solutions are installed to facilitate their visibility.