WikiLeaks is at it again. The most recent document dump, dubbed Vault 7, describes a vulnerability in some Samsung TV’s that turns them into secret recording devices. The exploit makes the Samsung TV appear powered off while it records audio in the room with its built-in microphone. It is yet another example highlighting how Internet of Things (IoT) devices are rapidly expanding the attack surface of companies.
I can’t remember the last time I walked into a conference room or an executive’s office that didn’t have a flat screen TV mounted on the wall. They are as common today as the water cooler used to be. Their ubiquity in corporate America is one reason this exploit might be more widespread than you expect. But the more interesting aspect is where these vulnerable TV’s are located. They are in boardrooms, briefing centers and in the offices of CEOs—all places that have confidential conversations happening within them. The ability to listen to executives talk about new product features, operational strategies or even personal details would be very valuable for someone engaging in corporate espionage. The impact to the bottom line and reputation of the company could be devastating.
Since only certain firmware versions are vulnerable, upgrading to the latest firmware will patch the vulnerability. This is a manual process, and if you’re a company with tens or hundreds of devices, it will take time and resources to patch all of them—resources that are better used to run your business. And what about the next IoT vulnerability? Fixing that will be a manual process as well, assuming you can actually patch the device. That’s because you can’t install management software on security cameras, HVAC (heating, ventilation, air conditioning) systems and many other IoT devices. You need an IoT strategy that recognizes the limitations and risks, as well as the benefits of bringing these devices into your organization.
Forescout specializes in identifying and securing IoT devices. We can identify potentially vulnerable Samsung TV’s on your network and block malicious activity. When a new Samsung TV joins the network, Forescout can automatically restrict its access, notify the operations team, and log the actions so you have an audit trail of what took place. Forescout can automate your workflows to secure IoT devices on your network, freeing up valuable resources to focus on your core business.
Want to learn more? Feel free to contact me: firstname.lastname@example.org.