Security Vulnerabilities in IoT Devices: Dangerous Full Access for Hackers

When IoT devices can act as Trojan horses, the danger is even greater due to the increase in the number of home offices. 

Bad Homburg, March 4, 2021 – Whether we are talking about surveillance cameras for homes and companies, baby cams, robot vacuum cleaners or smart locking systems – IoT devices are increasingly finding their way into networks, opening many doors to hacker attacks. According to the security experts at IoT Inspector, almost every device suffers from serious vulnerabilities: “Users, manufacturers and distributors are not really aware of the need for security in these devices. A WiFi key that can be read out of a vacuum cleaner in plain text, or an admin account with dangerous full access in the firmware of a surveillance camera that is invisible to the user and originates from the OEM in China are just a few of the immense security flaws we see time and again,” explains Rainer M. Richter, Managing Director of IoT Inspector. The company has automated the security inspection of the firmware of smart devices, enabling an in-depth analysis in just a few minutes that reveals a multitude of vulnerabilities and enables their targeted remediation. The integrated Compliance Checker feature also looks for violations of international IT security regulations.  

Higher Risk in Home Offices  

According to the experts, the drastic increase in the number of people working in home offices poses a particular risk. IoT devices used privately can be easily hacked, allowing access to a WiFi network, for example, and thus increasing the risk of infection for computers and other IT components located therein. Getting access to a secured company network – for example via VPN connection – is the crowning glory of a possible hacking strategy. However, more and more smart devices with an Internet connection are also on the move directly within companies: not only production control systems, but also locking and monitoring systems are online around the clock. “It has apparently yet to become established that the convenience associated with IoT devices in the IT infrastructure also entails considerable security risks. Those who have long since become accustomed to firewalls and virus scanners must not stop at smart devices when it comes to IT security”, summarizes Rainer M. Richter. 

Secure Yesterday, No Longer Secure Today 

IoT devices also include printers, routers, smart lighting and climatization controls, which are also potential gateways for hackers. They can be misused as Trojan horses, enabling network infiltration, data theft or the placement of ransomware. Many of the devices already examined by IoT Inspector are also used in critical infrastructures – an immense risk and also a breach of IT compliance requirements. At the same time, it must be clear that IoT security cannot be permanently ensured by a one-time inspection. Every firmware update – from the smart camera to the router and every other IoT acquisition – carries the risk of new security vulnerabilities. A monitoring function within the IoT Inspector platform enables daily checks for new risks and ongoing compliance with international regulations, which also change periodically depending on the country. 

Copy Of Ads 480 120

About ONEKEY

ONEKEY is a leading European specialist for automated security & compliance analysis for industrial (IIoT & ICS), manufacturing (OT) and Internet of Things (IoT) devices. Using automatically generated “Digital Twins” and “Software Bill of Materials (SBOM)” of devices, ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations, all without source code, device, or network access. Vulnerabilities for attacks and security risks are identified in the shortest possible time and can thus be specifically remedied. Easily integrated into software development and procurement processes, the solution enables manufacturers, distributors, and users of IoT technology to check security and compliance quickly and automatically before use, 24/7 throughout the product lifecycle. Leading companies, such as SWISSCOM, VERBUND AG and ZYXEL, are using this platform today – universities and research institutions can use the ONEKEY platform for study purposes free of charge.

CONTACT:

Sara Fortmann

Marketing Manager

sara.fortmann@onekey.com

 

euromarcom public relations GmbH

+49 611 973 150

team@euromarcom.de

Share on facebook
Share on twitter
Share on pinterest
Share on linkedin
Share on xing
Share on email