Cybersecurity researchers at security company Forescout analysed over 19 million Internet of Things-connected devices deployed across businesses and industry to determine the riskiest ones to connect to.
Risk was determined by considering the range and severity of vulnerabilities in the types of devices, as well as the number of internet-facing ports – along with how the device could be abused if compromised, and the impact that abuse could have across the wider network.
Researchers found that some of the IoT products that are most at risk are some of the most commonly deployed across smart homes and workplaces.
According to Forescout's research team, Vedere Labs, IP cameras are the riskiest IoT devices because they're commonly exposed to the internet, often only secured with a weak or default password – if the device requires a password at all – and they can have easy-to-exploit unpatched vulnerabilities.
That situation makes them a tempting target for malicious hackers, especially if they're on a flat network, which means breaching the camera can be used as a gateway to other, more valuable targets such as computers and servers.
"These vulnerable cameras can be used by attackers for initial access to a network, lateral movement on a compromised network or to proxy command and control traffic to the internet," Daniel dos Santos, head of security research at Forescout, told ZDNET.
Several malicious hacking groups are reported to have used vulnerabilities in IP cameras to gain initial entry into networks – and Forescout has previously warned that vulnerabilities in cameras could be used as an entry point for ransomware attacks.