BitSight identifies thousands of global organizations using insecure webcams and other IoT devices, finding many susceptible to eavesdropping
Use of exposed devices gives attackers the ability to listen in on private conversations and view potentially sensitive video feeds in real time
BOSTON, March 9, 2023 /PRNewswire/ -- BitSight, a leader in detecting and managing cyber risk, today unveiled new research which found one in 12 BitSight-tracked organizations with Internet-facing webcams or similar IoT devices are susceptible to video and/or audio compromise. These findings come shortly after the White House release of its National Cybersecurity Strategy, which aims to significantly improve the security of IoT devices.
Spanning 54 countries, exposed organizations include multiple Fortune 1000 organizations, and are concentrated in the education, technology, government and politics, and media and entertainment sectors. Of these sectors, education was found to be most at risk – nearly one in four BitSight-tracked education organizations using Internet-facing webcams and/or similar devices are susceptible to spying.
By utilizing exposed devices, organizations put both cybersecurity and physical security at risk. If these devices are exploited, threat actors could eavesdrop on both private and professional conversations – allowing them to potentially exploit personal information and sensitive business information. Exposed webcams overlooking access-controlled doors and rooms could also provide bad actors with key information relating to physical security.
"This research shows that even everyday technologies, such as webcams, can leave organizations highly vulnerable if exposed," said BitSight Chief Risk Officer Derek Vadala. "Understanding how these devices can increase an organization's attack surface and taking the steps to deploy them in a manner that limits potential threats is critical."
For this study, BitSight assembled a comprehensive dataset of IP addresses owned by organizations with at least one open audio/video service, mapping them to BitSight's inventory of organizations to determine rates of exposure. The exposed devices discovered by BitSight were found to not be protected by a firewall or VPN, despite recommended best practices. Additionally, they were either misconfigured – possibly due to a user failing to set a password – or suffered from a software vulnerability.
BitSight urges organizations to identify and assess the security of any video- and/or audio-enabled devices deployed internally and by third-party business partners, and engage in the following remediation efforts:
For more information, the full study can be viewed here.