ARE YOU READY FOR THE NEW EU CYBER RESILIENCE ACT? » START YOUR CRA READINESS ASSESSMENT TODAY!

Security Vulnerabilities in IoT Devices: Dangerous Full Access for Hackers

When IoT devices can act as Trojan horses, the danger is even greater due to the increase in the number of home offices. 

Bad Homburg, March 4, 2021 – Whether we are talking about surveillance cameras for homes and companies, baby cams, robot vacuum cleaners or smart locking systems – IoT devices are increasingly finding their way into networks, opening many doors to hacker attacks. According to the security experts at IoT Inspector, almost every device suffers from serious vulnerabilities: “Users, manufacturers and distributors are not really aware of the need for security in these devices. A WiFi key that can be read out of a vacuum cleaner in plain text, or an admin account with dangerous full access in the firmware of a surveillance camera that is invisible to the user and originates from the OEM in China are just a few of the immense security flaws we see time and again,” explains Rainer M. Richter, Managing Director of IoT Inspector. The company has automated the security inspection of the firmware of smart devices, enabling an in-depth analysis in just a few minutes that reveals a multitude of vulnerabilities and enables their targeted remediation. The integrated Compliance Checker feature also looks for violations of international IT security regulations.  

Higher Risk in Home Offices  

According to the experts, the drastic increase in the number of people working in home offices poses a particular risk. IoT devices used privately can be easily hacked, allowing access to a WiFi network, for example, and thus increasing the risk of infection for computers and other IT components located therein. Getting access to a secured company network – for example via VPN connection – is the crowning glory of a possible hacking strategy. However, more and more smart devices with an Internet connection are also on the move directly within companies: not only production control systems, but also locking and monitoring systems are online around the clock. “It has apparently yet to become established that the convenience associated with IoT devices in the IT infrastructure also entails considerable security risks. Those who have long since become accustomed to firewalls and virus scanners must not stop at smart devices when it comes to IT security”, summarizes Rainer M. Richter. 

Secure Yesterday, No Longer Secure Today 

IoT devices also include printers, routers, smart lighting and climatization controls, which are also potential gateways for hackers. They can be misused as Trojan horses, enabling network infiltration, data theft or the placement of ransomware. Many of the devices already examined by IoT Inspector are also used in critical infrastructures – an immense risk and also a breach of IT compliance requirements. At the same time, it must be clear that IoT security cannot be permanently ensured by a one-time inspection. Every firmware update – from the smart camera to the router and every other IoT acquisition – carries the risk of new security vulnerabilities. A monitoring function within the IoT Inspector platform enables daily checks for new risks and ongoing compliance with international regulations, which also change periodically depending on the country. 

Copy Of Ads 480 120

About ONEKEY

ONEKEY is a leading European specialist in product cybersecurity. The unique combination of an automated security & compliance software analysis platform and consulting services by cybersecurity experts provides fast, comprehensive analysis, and solutions in the area of IoT/OT product cybersecurity. Building upon automatically generated “Digital Twins” and “Software Bill of Materials (SBOM)” of devices, ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations, all without source code, device, or network access. Vulnerabilities for attacks and security risks are identified in the shortest possible time, and can thus be remediated in a targeted manner. The easy-to-integrate solution enables manufacturers, distributors, and users of IoT technology to quickly and continuously perform 24/7 security and compliance audits throughout the product lifecycle. Leading international companies in Asia, Europe, and America are already successfully benefiting from the ONEKEY platform and experts.

CONTACT:

Sara Fortmann

Marketing Manager

sara.fortmann@onekey.com

 

euromarcom public relations GmbH

+49 611 973 150

team@euromarcom.de

Share on facebook
Share on twitter
Share on pinterest
Share on linkedin
Share on xing
Share on email

SECURITY REPORTS - WHITEPAPERS – DOWNLOADS

Click. Fill Form. Download.
ONEKEY Whitepaper EU Cyber Resilience Act Cover

Whitepaper:
Understanding the EU Cyber Resilience Act

Titlepage of the Whitepaper TacklingSoftware Supply Chain Risks with IEC 62443 and SBOM

Whitepaper:
Tackling Software Supply Chain Risks with IEC 62443 and SBOM

Coverpage of the ONEKEY Success Story

Success Story:
How SWISSCOM saves 400K EUR per avoided incident

ONEKEY Datasheet Manufacturing Coverpage

Datasheet:
ONEKEY Platform -
Manufacturing

ONEKEY Datasheet Automotive Coverpage

Datasheet:
ONEKEY Platform -
Automotive

ONEKEY Datasheet onDemand Coverpage

Datasheet:
ONEKEY onDemand Service

IoT Security Report 2022 Title Draft

IoT Security Report 2022

contact us
  • © ONEKEY GmbH