Report Says Common IoT, Smart Devices Are Cybersecurity Liabilities

New data from cybersecurity firm Forescout finds that common IoT devices found in smart homes such as IP cameras and NVRs present some of the riskiest security vulnerabilities.

Like the majority of security research reports from companies like Forescout, the intended audience is the enterprise sector, but high-end smart home installers should look to the cybersecurity community for guidance when deploying complex networks full of IoT devices.

According to Forescout, IT devices such as routers, wireless access points and endpoints are the riskiest devices, accounting for 58% of vulnerabilities in 2023. Network devices are often exposed online and have dangerous open ports, while endpoints like servers, computers and hypervisors are high risk as entry points due to unpatched systems and applications.

Since routers and wireless access points are among the most vulnerable device types, integrators should apply security hardening tools and segment networks when setting up home networks that power their customers’ high-end smart homes.

Forescout also points out that IoT devices with vulnerabilities have expanded by 136% since 2023, which should raise alarms for any organizations or third-party service providers installing IoT devices.

Specifically, network-attached storage (NAS), voice-over-IP systems, IP cameras and printers are the most “persistent suspects,” Forescout says. However, network video recorders also made the list for the first time. The company also briefly mentions smart TVs, which have long been known to lack security hardening features.

NVRs, like IP cameras, are network-connected devices commonly found online with significant vulnerabilities that cybercriminal botnets and advanced hacking groups have exploited, according to Forescout.

In addition, Forescout says building automation systems have been exploited by hackers to render controllers unusable, recruit vulnerable physical access control devices for botnets, or leverage management workstations for initial access.

“These devices dangerously mix the insecure-by-design nature of OT with the internet connectivity of IoT and are often found exposed online even in critical locations,” Forescout says in its report.

The company recommends upgrading, replacing or isolating older devices or those with known vulnerabilities, implementing automated device compliance verification and enforcement to ensure non-compliant devices can’t connect to the network, and improving network security with segmentation.