Security flaws exposed on internet-connected baby monitors indicate the poor state of consumer internet of things (IoT) security that businesses should not ignore, warns Rapid7
Sourced through Scoop.it from: www.computerweekly.com
According to security firm Rapid7, most of the vulnerabilities and exposures identified by the research are trivial to exploit by a reasonably competent attacker, especially in the context of a focused campaign against company officers or other key business personnel. “If those key personnel are operating IoT devices on networks that are routinely exposed to business assets, a compromise on an otherwise relatively low-value target – like the video baby monitors covered in this paper – can quickly provide a path to compromise of the larger, nominally external, organisational network,” the report said. The research was conducted by Rapid7 senior security consultant Mark Stanislav in response to reported breaches of internet connected baby monitors to understand the scope of the security risk. Nine video baby monitors – ranging in price from $55 to $250 from eight different manufacturers – were subjected to in-depth security testing. All of the devices exhibited several common and well-known security issues – as well as ten new vulnerabilities, disclosed to the suppliers prior to publication of the research whitepaper.