Infected Smart TV in Corporate Headquarters


Medium Enterprise

Entry Point: Infected IoT device

Data theft

Primary Detection: Anomalies and repetitive, machine-like behavior detected by the behavioral analytics features within MENDEL

Attack Stopped by: Firewall Integration

MENDEL was installed to monitor the network at the headquarters of a commercial enterprise. As part of an office renovation, the company installed a smart TV in its employee cafeteria. Because the TV was an IoT device, no endpoint security was installed on it, but it could still communicate over the company's network. MENDEL was able to monitor the device by analyzing its network communications.

MENDEL identified periodic, repetitive communication from this device, including a higher-than-expected volume of data transferred outbound from the network. MENDEL automatically alerted the security team, who used MENDEL's firewall integration to block communications from the device prior to investigation. Using MENDEL's incident management tools, the team was able to coordinate investigation of the device. The television contained malicious apps, pre-installed on the TV, which were the cause of the problem. They were removed.

IoT devices are notoriously dangerous to the larger network over which they communicate. They often feature easily breakable passwords that are unknown to the end user and rarely changed (and that, in some cases, are available via Google search). Endpoint security clients often cannot be installed on IoT devices, and the devices are frequently overlooked by network administrators. MENDEL detects threats from IoT devices just like it detects those from “traditional” devices – by modeling their normal behavior and identifying anomalous and possibly malicious events as the threats attempt to take action within the network.
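The two signals described in this case, machine-regular timing and outbound volume above a device's norm, can be checked over plain flow records. The Python below is an added example, not part of the original case study and not MENDEL's own algorithm; the record layout, IP addresses, thresholds and per-device baseline are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def sample_flows():
    """Constructed flow records (unix_ts, src, dst, bytes_out); not real data."""
    flows = []
    # Hypothetical smart TV: one external host every ~300 s, large uploads.
    for i in range(12):
        flows.append((1000 + i * 300 + (i % 3), "10.0.5.20", "203.0.113.7", 480_000))
    # Hypothetical workstation: irregular, small outbound transfers.
    for ts, nbytes in [(1010, 2_000), (1090, 15_000), (1700, 900),
                       (2950, 40_000), (3100, 1_200), (4400, 7_000)]:
        flows.append((ts, "10.0.1.15", "198.51.100.9", nbytes))
    return flows

def find_periodic_uploaders(flows, baseline_bytes, min_events=6,
                            max_cv=0.1, volume_factor=3.0):
    """Flag (src, dst) pairs that are machine-regular AND exceed the source's
    expected outbound volume. Thresholds are illustrative assumptions."""
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        by_pair[(src, dst)].append((ts, nbytes))
    findings = {}
    for (src, dst), events in by_pair.items():
        if len(events) < min_events or src not in baseline_bytes:
            continue  # too few samples, or no learned baseline to compare with
        events.sort()
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        avg_gap = mean(gaps)
        if avg_gap <= 0:
            continue
        # Coefficient of variation of the gaps: near 0 means timer-driven traffic.
        cv = pstdev(gaps) / avg_gap
        total = sum(n for _, n in events)
        # Periodicity alone is common (NTP, update checks), so require both signals.
        if cv <= max_cv and total > volume_factor * baseline_bytes[src]:
            findings[(src, dst)] = {"interval_s": round(avg_gap), "cv": cv,
                                    "total_bytes": total}
    return findings

if __name__ == "__main__":
    # Assumed per-device outbound baseline for the same time window, in bytes.
    baseline = {"10.0.5.20": 500_000, "10.0.1.15": 1_000_000}
    for pair, info in find_periodic_uploaders(sample_flows(), baseline).items():
        print(pair, info)
```

Devices with no learned baseline are skipped here, so a newly connected device needs an observation period or a default per-class baseline before the volume check applies.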