When IoT devices can act as Trojan horses, the danger is even greater due to the increase in the number of home offices.
Bad Homburg, March 4, 2021 – Whether we are talking about surveillance cameras for homes and companies, baby cams, robot vacuum cleaners or smart locking systems – IoT devices are increasingly finding their way into networks, opening many doors to hacker attacks. According to the security experts at IoT Inspector, almost every device suffers from serious vulnerabilities: “Users, manufacturers and distributors are not really aware of the need for security in these devices. A WiFi key that can be read out of a vacuum cleaner in plain text, or an admin account with dangerous full access in the firmware of a surveillance camera that is invisible to the user and originates from the OEM in China are just a few of the immense security flaws we see time and again,” explains Rainer M. Richter, Managing Director of IoT Inspector. The company has automated the security inspection of the firmware of smart devices, enabling an in-depth analysis in just a few minutes that reveals a multitude of vulnerabilities and enables their targeted remediation. The integrated Compliance Checker feature also looks for violations of international IT security regulations.
According to the experts, the drastic increase in the number of people working in home offices poses a particular risk. IoT devices used privately can be easily hacked, allowing access to a WiFi network, for example, and thus increasing the risk of infection for computers and other IT components located therein. Getting access to a secured company network – for example via a VPN connection – is the crowning glory of a possible hacking strategy. However, more and more smart devices with an Internet connection are also on the move directly within companies: not only production control systems, but also locking and monitoring systems are online around the clock. “It has apparently yet to become established that the convenience associated with IoT devices in the IT infrastructure also entails considerable security risks. Those who have long since become accustomed to firewalls and virus scanners must not stop at smart devices when it comes to IT security”, summarizes Rainer M. Richter.
IoT devices also include printers, routers, smart lighting and climatization controls, which are also potential gateways for hackers. They can be misused as Trojan horses, enabling network infiltration, data theft or the placement of ransomware. Many of the devices already examined by IoT Inspector are also used in critical infrastructures – an immense risk and also a breach of IT compliance requirements. At the same time, it must be clear that IoT security cannot be permanently ensured by a one-time inspection. Every firmware update – from the smart camera to the router and every other IoT acquisition – carries the risk of new security vulnerabilities. A monitoring function within the IoT Inspector platform enables daily checks for new risks and ongoing compliance with international regulations, which also change periodically depending on the country.