This article describes some of the vulnerabilities that exist because of IoT security devices that are not being managed properly. For example, the “Devil’s Ivy” vulnerability allowed an attacker to remotely access a video feed from IP cameras, or block another user’s access to the feed. The article mostly focused on physical security systems that banks implement, but the main concept is that devices that are supposed to assist in physical security, can also be an entry point to the organization. These devices need to be patched, hardened and replaced on some sort of cycle.
https://www.securityinfowatch.com/video-surveillance/article/21107167/banks-confront-the-insecurity-of-physical-security
Daniel
I find the given example very interesting. The fact that there could be multiple cameras (which is given) that are connected to different networks which may have unique UN/PW and other configuration items – updating their firmware and what not can truly be a huge task. It’s also an access point for the hackers as mentioned in the article about Devil’s Ivy case. The first three recommendations I get, but at the same time it is a logistical nightmare.