There have always been some questions about whether smart devices are vulnerable to hackers. They typically don’t have screens, have limited functions, and we usually don’t think about managing them. But last week, the Wall Street Journal reported that “Attackers used an army of hijacked security cameras and video recorders to launch several massive internet attacks.” The article by Drew Fitzgerald went on to say, “the assaults raised eyebrows among security experts both for their size and for the machines that made them happen. The attackers used as many as one million Chinese-made security cameras, digital video recorders and other infected devices to generate webpage requests and data that knocked their targets offline”, including the internet security site Krebsonsecurity.com.
Smart devices and IoT devices can in fact become hacking targets because they fit one of two target profiles: zombie assets, which are typically plugged in and forgotten, without routine updates and patches, or rogue/unauthorized devices, which are not managed as network assets and often still use the factory default passwords. The recent attacks primarily used cameras and video recorders from a specific Chinese manufacturer because of their widespread use and a particular firmware vulnerability. Other devices, such as consumer Wi-Fi routers, are also increasingly being hijacked because they still use factory default passwords, which can be found with a simple Google search.
- Define and enforce good policies and procedures, including strong passwords and regular patches and firmware upgrades
- Conduct regular risk assessments, including penetration testing and scanning for rogue devices and unauthorized devices
- Utilize a layered defense strategy to prevent attacks, identify intrusions and then manage/mitigate any attacks when they do occur.
Just because a device doesn’t have a screen doesn’t mean it isn’t vulnerable, or that you don’t need to manage it…
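As an added illustration (not part of the original article and not Onepath's tooling), the following Python example reconciles devices observed on the network against a managed asset inventory and flags the two profiles described above: rogue devices that are not in the inventory, and zombie assets that are unpatched or still on factory default passwords. The CSV columns, MAC addresses and the 180-day patch threshold are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the article): the managed asset inventory
# and the devices actually observed on the network (e.g. from DHCP leases).
INVENTORY_CSV = """mac,name,last_patched,default_password_changed
00:11:22:aa:bb:01,lobby-camera,2016-09-01,yes
00:11:22:aa:bb:02,warehouse-dvr,2014-03-15,no
00:11:22:aa:bb:03,office-router,2016-08-20,yes
"""
OBSERVED_MACS = ["00:11:22:AA:BB:01", "00:11:22:aa:bb:02",
                 "00:11:22:aa:bb:03", "de:ad:be:ef:00:99"]

MAX_PATCH_AGE_DAYS = 180  # assumed policy threshold


def audit(inventory_csv, observed_macs, today, max_age_days=MAX_PATCH_AGE_DAYS):
    """Return {mac: [findings]} for every observed device with a problem."""
    inventory = {row["mac"].lower(): row
                 for row in csv.DictReader(io.StringIO(inventory_csv))}
    findings = {}
    for mac in sorted({m.lower() for m in observed_macs}):
        row = inventory.get(mac)
        if row is None:
            # On the network but not a managed asset: rogue/unauthorized.
            findings[mac] = ["rogue: not in asset inventory"]
            continue
        issues = []
        age = (today - date.fromisoformat(row["last_patched"])).days
        if age > max_age_days:
            # Plugged in and forgotten: a zombie asset.
            issues.append(f"zombie: last patched {age} days ago")
        if row["default_password_changed"].strip().lower() != "yes":
            issues.append("factory default password still in place")
        if issues:
            findings[mac] = issues
    return findings


if __name__ == "__main__":
    report = audit(INVENTORY_CSV, OBSERVED_MACS, date(2016, 10, 3))
    for mac, issues in report.items():
        print(mac, "->", "; ".join(issues))
```

In practice the observed list would come from a network scan or DHCP/ARP export, and the inventory from whatever asset register the organization maintains.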
To read the full article “Hackers Infect Army of Cameras, DVRs for Massive Internet Attacks”, click here.
To learn more about Onepath’s Managed Security services, go to www.1path.com/managed-services or call 678.695.5600.