Guest Opinion: How Modern Warfare Can Target Vulnerable IIoT Devices

i-PRO Americas’ Will Knehr shares tips for securing industrial Internet of Things devices.

October is Cybersecurity Awareness Month, and the Security Industry Association (SIA) Cybersecurity Advisory Board is marking the occasion with a series of helpful content, tips and guidance on key cybersecurity topics. In this blog from SIA Cybersecurity Advisory Board member Will Knehr – senior manager of information security and data privacy at i-PRO Americas – learn about how vulnerable industrial Internet of Things (IIoT) devices could become weapons in modern warfare.

Following the Hamas attacks on Israel, a cyber war has erupted between Israel, Palestine and their respective supporters. Hacktivist groups have specifically targeted SCADA, ICS systems and other potentially vulnerable systems to cause disruptions to critical infrastructure. Researchers from Cybernews are now warning of another potential target in the cyber war, security cameras. Security cameras are an attractive target for hackers because the devices can be used to spy on unwitting targets, turn off the cameras or alerts to steal contents from the facility or use the device as a bot in a distributed denial of service (DDoS) attack. In the past, some IIoT device manufacturers have focused on functionality over security, leaving these devices vulnerable to hackers.

When doing a quick scan of IIoT devices, the Cybernews research team identified 165 exposed internet-connected Real-Time Streaming Protocol (RTSP) cameras in Israel and 29 in Palestine, all of which anyone worldwide can access without login credentials. The RTSP communication system does not provide encryption or defenses against password-guessing if not properly configured. Easy software tools and tutorials allow malicious actors to identify these cameras and brute-force login credentials (often, these devices have default login credentials or none at all), leading to significant risks in a cyberwar scenario. The exposed RTSP cameras are most prevalent in cities such as Tel Aviv, Potah Tiqva and Rishon LeZion in Israel, mainly in the West Bank in Palestine.

The primary risk of these exposed IP cameras is unauthorized access, which may lead to live feed viewing, recording for surveillance, reconnaissance and gathering of sensitive data. Private and sensitive areas with exposed cameras may have personal information, daily routines or confidential discussions recorded and potentially misused for intelligence gathering, espionage or blackmail. Organizations or government facilities could be of interest to cyber adversaries, allowing them to infiltrate the network connected to the exposed RTSP cameras and subsequently compromise other systems or exfiltrate data. There’s potential for manipulating camera feeds to depict false information, inducing confusion or panic. Cybercriminals can also exploit exposed cameras to create botnets for DDoS attacks and other malevolent activities. Thus, these device owners are responsible for safeguarding their own security and the wider community.

Here are a few quick tips to secure IIoT devices:

1. Purchase IIoT devices from a reputable company that will provide proper protection mechanisms for these devices.
2. Link security or IP cameras to a separate protected subnet with end-to-end encryption and employ WPA2 if the network is wireless.
3. Use encryption tools to ensure secure camera and client communication. Utilizing a VPN for remote access is recommended.
4. Have strong, unique passwords for RTSP cameras to prevent unauthorized access.
5. Keep the camera firmware updated; this is essential for rectifying security flaws and enhancing system protection.
6. Establish access controls to determine who can view the camera feeds.
7. Always use strong encryption protocols like HTTPS (TLS 1.3) when configuring IIoT devices.

Addressing these concerns is pivotal not only for the protection of digital assets but also for preserving the core principles of privacy, security, ethics and trust.