Security Vulnerabilities in IoT Devices: Dangerous Full Access for Hackers
Mar 3, 2021
When IoT devices can act as Trojan horses, the danger is even greater due to the increase in the number of home offices.
Bad Homburg, March 4, 2021 - Whether we are talking about surveillance cameras for homes and companies, baby cams, robot vacuum cleaners or smart locking systems - IoT devices are increasingly finding their way into networks, opening many doors to hacker attacks. According to the security experts at IoT Inspector, almost every device suffers from serious vulnerabilities: "Users, manufacturers and distributors are not really aware of the need for security in these devices. A WiFi key that can be read out of a vacuum cleaner in plain text, or an admin account with dangerous full access in the firmware of a surveillance camera that is invisible to the user and originates from the OEM in China are just a few of the immense security flaws we see time and again," explains Rainer M. Richter, Managing Director of IoT Inspector. The company has automated the security inspection of the firmware of smart devices, enabling an in-depth analysis in just a few minutes that reveals a multitude of vulnerabilities and enables their targeted remediation. The integrated Compliance Checker feature also looks for violations of international IT security regulations.
Higher Risk in Home Offices
According to the experts, the drastic increase in the number of people working in home offices poses a particular risk. IoT devices used privately can be easily hacked, allowing access to a WiFi network, for example, and thus increasing the risk of infection for computers and other IT components located therein. Getting access to a secured company network - for example via a VPN connection - is the crowning glory of a possible hacking strategy. However, more and more smart devices with an Internet connection are also on the move directly within companies: not only production control systems, but also locking and monitoring systems are online around the clock. "It has apparently yet to become established that the convenience associated with IoT devices in the IT infrastructure also entails considerable security risks. Those who have long since become accustomed to firewalls and virus scanners must not stop at smart devices when it comes to IT security", summarizes Rainer M. Richter.
Secure Yesterday, No Longer Secure Today
IoT devices also include printers, routers, smart lighting and climatization controls, which are also potential gateways for hackers. They can be misused as Trojan horses, enabling network infiltration, data theft or the placement of ransomware. Many of the devices already examined by IoT Inspector are also used in critical infrastructures - an immense risk and also a breach of IT compliance requirements. At the same time, it must be clear that IoT security cannot be permanently ensured by a one-time inspection. Every firmware update - from the smart camera to the router and every other IoT acquisition - carries the risk of new security vulnerabilities. A monitoring function within the IoT Inspector platform enables daily checks for new risks and ongoing compliance with international regulations, which also change periodically depending on the country.
About Onekey
ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.
CONTACT:
Sara Fortmann
Marketing Manager
sara.fortmann@onekey.com
euromarcom public relations GmbH
+49 611 973 150
team@euromarcom.de