Security News First Public Demo of Data Breach via IoT Hack Comes to RSAC

[LASER_oneXM]

Content source

https://www.darkreading.com/vulnerabilities---threats/first-public-demo-of-data-breach-via-iot-hack-comes-to-rsac/d/d-id/1331588

At RSA Conference, Senrio researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools.

RSA CONFERENCE 2018 – San Francisco – Many security professionals acknowledge that Internet of Things (IoT) devices have the potential to be an avenue into their enterprise networks — but for most, breach-by-refrigerator or DDoS-by-coffeepot is a theoretical flight of fancy and not a genuine threat. That might change Thursday, when researchers will present here the first public demonstration of an IoT hack resulting in a breach of personally identifiable information.

The vice president of research, M. Carlton, and chief technology officer, Stephen Ridley, of IoT security company Senrio will present "Lateral Attacks between Connected Devices in Action" on the RSA Sandbox's IoT stage Thursday.

"'Chained attacks on IoT security' — it's only been uttered as this platitude," says Ridley, "but have you actually seen a camera get popped" and used to compromise other systems?
"We all know IoT is vulnerable," says Carlton. "We don't all know what the impact of one vulnerable IoT device in an enterprise can be. ... It is a profound impact."
This particular attack can also be a danger to organizations with good security measures in place. In the demo, the IoT device need not be directly connected to the target network device. It doesn't require sophisticated hacking skills — Metasploit tools or the Linux command line will suffice.