Nozomi Networks, a leading provider of OT and IoT security solutions, published its OT/IoT Security Report summarizing its research on ransomware and IoT vulnerabilities in the first half of 2021.
The report shares insights into vulnerabilities discovered in 3 surveillance cameras that use Peer-to-Peer (P2P) functionality to provide access to audio/video (A/V) streams, and reports on an IoT security camera cyberattack that resulted in unauthorized access to the live video feeds of 150,000 surveillance cameras and their full archive.
Nozomi Networks’ research shows that the privacy and security implications of using a camera’s P2P feature are not clearly explained to users, and that by exploiting these vulnerabilities an attacker can intercept the A/V stream at will.
P2P vulnerabilities may or may not result in breaches and exposure of confidential information. However, in March 2021 a very public security camera cyberattack occurred, affecting 150,000 cameras of the vendor Verkada. Attackers were also able to execute shell commands on breached cameras, providing an entry point for lateral movement on victims’ networks. This could lead to consequences such as data theft, ransomware deployment or system disruption.
IoT devices are often insecure by design. The goal of the IoTAC project is to reduce the vulnerability of IoT systems through its technology and multiple modules.
Nozomi Networks’ latest report can be downloaded from https://www.nozominetworks.com/ot-iot-security-report/.