Eu Red Iot Security

Extended EU RED directive enforces higher IoT security by 2024

80 percent of cyberattacks are directed against wireless devices 

Bad Homburg, Germany, November, 9th, 2021 – The Internet of Things, i.e. especially all wireless smart devices, poses one of the greatest risks in information technology. By introducing new security requirements, the EU Commission is now significantly raising the bar for manufacturers and distributors of such devices – to protect businesses and consumers. The new extension to the RED (Radio Equipment Directive 2014/53/EU) covers all devices approved for sale in the EU and is set to come into force across the EU from 2024. “We welcome the EU’s initiative. During investigations in our lab, we often find serious weaknesses in almost all wireless devices. These range from routers to tablets, IP cameras, smart speakers, baby monitors to smart devices in corporate networks. Hackers can often easily gain access to the local network, sensitive data and servers via these devices,” states Jan Wendenburg, CEO of IT security company IoT Inspector. In addition to their own test lab, the security experts also operate Europe’s largest platform for automated firmware verification of IoT devices, which automatically and reliably detects security risks and compliance violations. However, according to Wendenburg, the insufficient specification of the newly amended directive is problematic, and makes implementation difficult – even though it will soon be binding for all manufacturers. 

Hundreds of thousands of vulnerabilities are already in circulation 

“Routers and numerous other IoT devices are in use for up to ten years in corporate networks, and often even longer in private households. The lack of obligation so far to provide more security via firmware updates is an incalculable risk,” says Jan Wendenburg of IoT Inspector. Only recently, IoT Inspector uncovered severe security vulnerabilities in components from Realtek and Broadcom, which could easily spread to hundreds of thousands of devices by up to 65 renowned manufacturers, due to a lack of transparency in supply chain and product development processes. Affected devices include routers, IP cameras, smart lighting controls, and many other products that are in use in businesses and homes around the world. A security audit therefore already needs to take place during product development, to identify and address potential vulnerabilities before market launch. IoT Inspector’s platform provides product manufacturers and integrators with a proven automated security analysis solution that automatically monitors IoT firmware throughout the entire product lifecycle. Integrating IoT Inspector into the product development process reduces costs, resources, development time, and project risks. 

Rapid response required 

The EU Commission has revealed that 80 percent of cyberattacks already target wireless devices, making them a popular gateway for further damage to networks. Cyber threats are rapidly evolving, with attackers’ technologies becoming increasingly complex and adaptable. “Cybercrime has long since evolved from the work of a few hackers to a veritable business model for criminal organizations. It is hard to estimate how the threat situation will develop in the coming months,” warns Jan Wendenburg. In its new IT security report, the German Federal Office for Information Security (BSI) assesses the current situation as “tense to critical,” with some areas already on red alert. The increase has been disproportionate, especially in the last two years. Therefore, effective monitoring bodies, such as testing and certification organizations, need to be empowered quickly to effect corrective measures for a plus in IoT security based on real results and analyses.  


ONEKEY is a leading European specialist in product cybersecurity. The unique combination of an automated security & compliance software analysis platform and consulting services by cybersecurity experts provides fast, comprehensive analysis, and solutions in the area of IoT/OT product cybersecurity. Building upon automatically generated “Digital Twins” and “Software Bill of Materials (SBOM)” of devices, ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations, all without source code, device, or network access. Vulnerabilities for attacks and security risks are identified in the shortest possible time, and can thus be remediated in a targeted manner. The easy-to-integrate solution enables manufacturers, distributors, and users of IoT technology to quickly and continuously perform 24/7 security and compliance audits throughout the product lifecycle. Leading international companies in Asia, Europe, and America are already successfully benefiting from the ONEKEY platform and experts.


Sara Fortmann

Marketing Manager


euromarcom public relations GmbH

+49 611 973 150

Share on facebook
Share on twitter
Share on pinterest
Share on linkedin
Share on xing
Share on email