Security Vulnerabilities in IoT Devices: Dangerous Full Access for Hackers

When IoT devices can act as Trojan horses, the danger is even greater due to the increase in the number of home offices. 

Bad Homburg, March 4, 2021 – Whether we are talking about surveillance cameras for homes and companies, baby cams, robot vacuum cleaners or smart locking systems – IoT devices are increasingly finding their way into networks, opening many doors to hacker attacks. According to the security experts at IoT Inspector, almost every device suffers from serious vulnerabilities: “Users, manufacturers and distributors are not really aware of the need for security in these devices. A WiFi key that can be read out of a vacuum cleaner in plain text, or an admin account with dangerous full access in the firmware of a surveillance camera that is invisible to the user and originates from the OEM in China are just a few of the immense security flaws we see time and again,” explains Rainer M. Richter, Managing Director of IoT Inspector. The company has automated the security inspection of the firmware of smart devices, enabling an in-depth analysis in just a few minutes that reveals a multitude of vulnerabilities and enables their targeted remediation. The integrated Compliance Checker feature also looks for violations of international IT security regulations.  

Higher Risk in Home Offices  

According to the experts, the drastic increase in the number of people working in home offices poses a particular risk. IoT devices used privately can be easily hacked, allowing access to a WiFi network, for example, and thus increasing the risk of infection for computers and other IT components located therein. Getting access to a secured company network – for example via VPN connection – is the crowning glory of a possible hacking strategy. However, more and more smart devices with an Internet connection are also on the move directly within companies: not only production control systems, but also locking and monitoring systems are online around the clock. “It has apparently yet to become established that the convenience associated with IoT devices in the IT infrastructure also entails considerable security risks. Those who have long since become accustomed to firewalls and virus scanners must not stop at smart devices when it comes to IT security”, summarizes Rainer M. Richter. 

Secure Yesterday, No Longer Secure Today 

IoT devices also include printers, routers, smart lighting and climatization controls, which are also potential gateways for hackers. They can be misused as Trojan horses, enabling network infiltration, data theft or the placement of ransomware. Many of the devices already examined by IoT Inspector are also used in critical infrastructures – an immense risk and also a breach of IT compliance requirements. At the same time, it must be clear that IoT security cannot be permanently ensured by a one-time inspection. Every firmware update – from the smart camera to the router and every other IoT acquisition – carries the risk of new security vulnerabilities. A monitoring function within the IoT Inspector platform enables daily checks for new risks and ongoing compliance with international regulations, which also change periodically depending on the country. 

Copy Of Ads 480 120


ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.



Sara Fortmann

Marketing Manager


euromarcom public relations GmbH

+49 611 973 150