- Newly formed Forescout Research Labs aims to execute pioneering research on the threats facing network connected enterprise devices
- Latest research demonstrates ease with which malicious actors could disrupt the normal functioning of a smart building by attacking its video surveillance systems
- Research exploits unencrypted video streaming protocols of a surveillance camera as an example of a cyber-physical attack
SAN JOSE, Calif. – July 30, 2019 – Forescout Technologies, Inc. (NASDAQ: FSCT), the leader in device visibility and control, today announced new research, “Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT,” which investigates how surveillance cameras, smart lights, and other IoT devices within smart buildings could be attacked by cyber criminals and how to mitigate those attacks. The research findings will be presented at the DEF CON 27 ICS Village in Las Vegas on Aug. 10 at 2 pm PT.
“Today’s connected world is made up of billions of devices that use a myriad of operating systems and network protocols to exchange data across industries and boundaries,” said Elisa Costante, head of Forescout Research Labs, Forescout. “We created Forescout Research Labs to explore the security implications of this hyper-connected world and research the associated threats and risks coming from these devices.”
To demonstrate the cyber risks of a smart building, Forescout Research Labs set up a real-world smart building environment containing video surveillance, smart lighting, and other IoT devices, and analyzed how an attacker could obtain initial access to this network and some of the attacks they could implement for each subsystem.
The research highlights the following findings:
- Many IoT devices, including surveillance cameras, are set up by default to communicate over unencrypted protocols, allowing for traffic sniffing and tampering of sensitive information.
- Forescout Research Labs demonstrated how sensitive information could be tampered with using surveillance cameras commonly used by enterprises. Researchers successfully replaced a network video recorder’s footage with previously recorded fake content.
- Compromising the video surveillance system is an example of a cyber-physical attack.
- A search on Shodan pulled up nearly 4.7 million devices that could be potentially impacted by using these unencrypted protocols.
“We are at the forefront of the IT/OT convergence that brings massive benefits to enterprises, but unfortunately it also comes with an increased level of cyber risk,” continued Costante. “You can expect to hear more from our team as we set out on a mission to educate the market on how to protect businesses and infrastructures from the bad actors that leverage device, network, and protocol vulnerabilities to damage or disrupt their functions.”
Forescout Research Labs will leverage unique insights and data gathered from the Forescout Device Cloud, which is one of the world’s largest crowdsourced device repositories and now contains more than 10 million devices from nearly 1,200 customers who share anonymized device insights.
Other Recent Research:
- Forescout Device Cloud Report revealed cybersecurity risks associated with today’s healthcare IT environments; OT systems represent a growing attack surface.
- The Role of Cybersecurity in M&A Diligence examined the growing concern of cyber risks and the importance of cyber assessment during M&A and the subsequent integration process.
- Forescout performed an exercise in vulnerability and malware research for devices commonly used in building automation system (BAS) networks.
Forescout Technologies, Inc. provides security at first sight. Our company delivers device visibility and control to enable enterprises and government agencies to gain complete situational awareness of their environment and orchestrate action. Learn more at www.forescout.com.
© 2019 Forescout Technologies, Inc. All rights reserved. Forescout Technologies, Inc. is a Delaware corporation. A list of our trademarks and patents can be found at https://www.forescout.com/company/legal/intellectual-property-patents-trademarks. Other brands, products, or service names may be trademarks or service marks of their respective owners.