IoT Hacking Alert: Touchscreens
As the Internet of Things (IoT) continues to grow, so do security vulnerabilities of those utilitarian devices that go unnoticed because they are embedded in our everyday lives.
Take the touchscreens that control everything from the temperature of a hotel room to the presentation display in a conference room. White hat hackers have identified security flaws in devices from a major player that provides touchscreen control systems used by corporations, airports, sports stadiums, and even local governments - Crestron.
At a recent ethical hacking conference, a researcher reported vulnerabilities in Crestron touchscreens that would allow a hacker to stream video from a hotel room, record audio from a high-security meeting and exploit these security oversights in numerous other ways. A main discovery was device defaults are set with security authentication protections disabled. While the company reported they are unaware of any security breaches, they responded by offering a mandatory firmware update for all systems to address the flaws.
Takeaways:
Companies should be certain that firmware is up-to-date for Crestron systems and other automation & control solutions that integrate technologies through touchscreens, and that all security protection options are enabled. Settings may have to be manually changed to employ security authorization protections.
While in the office, a hotel room, or at an event, always remain aware of the devices around you and the places in which you discuss confidential and/or sensitive information.