IoT Devices Carry Risk Across All Verticals, Study Finds

A new survey aims to offer a clearer image of the Internet of things (IoT) and the distribution of vulnerabilities and other issues across all major verticals, identifying the most problematic IoT devices active today.

IoT devices are ubiquitous in today’s world, even where we don’t see them. In many cases, the IoT hardware suffers from the same problem confronting all other devices: lack of support, vulnerabilities, and complacency.

Researchers from Forescout looked at how these IoT devices are spread across all verticals, such as financial services, government, healthcare, manufacturing and retail. Their findings are worrying, but they also fall in line with what was already suspected.

The IoT devices exposed to the most significant risk include smart buildings, medical devices, networking equipment and VoIP phones. Even in these categories, the biggest problems are the systems that provide physical access control, which are literally doorways into the physical world.

“According to our data sample, physical access control solutions are the systems at highest risk due to the presence of many critical open ports, a lot of connectivity with risky devices and the presence of known vulnerabilities,” states The Enterprise of Things Security Report.

The riskiest device functions across verticals are:

1. Physical Access Control Solution, mostly used in systems that allow entry with badges, for example. They are prone to security issues such as open Telnet ports.
2. HVAC Systems (Heating, ventilation and air conditioning)
3. Network Cameras. IP cameras represent key targets for bad actors looking for open ports and unpatched vulnerabilities.
4. PLC or Programmable logic controller. Used to control critical industrial processes (such as the ones targeted by the famous Stuxnet malware), they are not as vulnerable as the rest, but they do present huge security challenges.
5. Radiotherapy Systems. While no known vulnerabilities exist, they do tend to use Telnet and other critical ports for communication.
6. Out-of-Band Controllers. Numerous vulnerabilities have been identified already, allowing for
7. Radiology Workstations. Workstations are commonly connected to other healthcare systems, but an eventual compromise of these systems would have considerable impact.
8. Picture Archiving and Communication Systems (PACS): PACS are medical imaging systems that provide storage, retrieval, management, distribution and presentation of medical images
9. WPA (wireless access points): There are too many problems to list, but it’s safe to say that they are some of the most targeted devices in the IoT infrastructure.
10. Network Management Cards: These cards are used to monitor and control individual UPS devices remotely. They have known vulnerabilities.

The first step to solving a problem is to know what the problem is. In this case, it’s useful to see how the risk is spread across the main verticals and what the IoT devices are most exposed to. Solving security is a much more complex issue, but that’s impossible without knowing what to fix.