EU RED IoT Security

Extended EU RED directive enforces higher IoT security by 2024

80 percent of cyberattacks are directed against wireless devices 

Bad Homburg, Germany, November 9th, 2021 – The Internet of Things, i.e. especially all wireless smart devices, poses one of the greatest risks in information technology. By introducing new security requirements, the EU Commission is now significantly raising the bar for manufacturers and distributors of such devices – to protect businesses and consumers. The new extension to the RED (Radio Equipment Directive 2014/53/EU) covers all devices approved for sale in the EU and is set to come into force across the EU from 2024. “We welcome the EU’s initiative. During investigations in our lab, we often find serious weaknesses in almost all wireless devices. These range from routers to tablets, IP cameras, smart speakers, baby monitors to smart devices in corporate networks. Hackers can often easily gain access to the local network, sensitive data and servers via these devices,” states Jan Wendenburg, CEO of IT security company IoT Inspector. In addition to their own test lab, the security experts also operate Europe’s largest platform for automated firmware verification of IoT devices, which automatically and reliably detects security risks and compliance violations. However, according to Wendenburg, the insufficient specification of the newly amended directive is problematic, and makes implementation difficult – even though it will soon be binding for all manufacturers.

Hundreds of thousands of vulnerabilities are already in circulation 

“Routers and numerous other IoT devices are in use for up to ten years in corporate networks, and often even longer in private households. The lack of obligation so far to provide more security via firmware updates is an incalculable risk,” says Jan Wendenburg of IoT Inspector. Only recently, IoT Inspector uncovered severe security vulnerabilities in components from Realtek and Broadcom, which could easily spread to hundreds of thousands of devices by up to 65 renowned manufacturers, due to a lack of transparency in supply chain and product development processes. Affected devices include routers, IP cameras, smart lighting controls, and many other products that are in use in businesses and homes around the world. A security audit therefore already needs to take place during product development, to identify and address potential vulnerabilities before market launch. IoT Inspector’s platform provides product manufacturers and integrators with a proven automated security analysis solution that automatically monitors IoT firmware throughout the entire product lifecycle. Integrating IoT Inspector into the product development process reduces costs, resources, development time, and project risks. 

Rapid response required 

The EU Commission has revealed that 80 percent of cyberattacks already target wireless devices, making them a popular gateway for further damage to networks. Cyber threats are rapidly evolving, with attackers’ technologies becoming increasingly complex and adaptable. “Cybercrime has long since evolved from the work of a few hackers to a veritable business model for criminal organizations. It is hard to estimate how the threat situation will develop in the coming months,” warns Jan Wendenburg. In its new IT security report, the German Federal Office for Information Security (BSI) assesses the current situation as “tense to critical,” with some areas already on red alert. The increase has been disproportionate, especially in the last two years. Therefore, effective monitoring bodies, such as testing and certification organizations, need to be empowered quickly to effect corrective measures that improve IoT security, based on real results and analyses.

About ONEKEY

ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.

 

CONTACT:

Sara Fortmann

Marketing Manager

sara.fortmann@onekey.com

 

euromarcom public relations GmbH

+49 611 973 150

team@euromarcom.de