𝐃𝐢𝐝 𝐈𝐨𝐓 𝐂𝐲𝐛𝐞𝐫𝐚𝐭𝐭𝐚𝐜𝐤𝐬 𝐉𝐮𝐬𝐭 𝐆𝐞𝐭 𝐒𝐞𝐫𝐢𝐨𝐮𝐬?

The advent of IoT has driven technological and economic advancements. However, this has also resulted in a rise in the number of vulnerable smart devices.

(credit: pexels.com)

𝐖𝐡𝐚𝐭’𝐬 𝐠𝐨𝐢𝐧𝐠 𝐨𝐧?

At DEF CON 2020, Barak Sternberg demonstrated vulnerabilities in the HDL automation system that can be abused by threat actors to manipulate existing devices controlled by these systems. The bugs in this automation system used for smart buildings could even allow a complete takeover of accounts belonging to other users in the network.

𝐖𝐡𝐚𝐭 𝐚𝐫𝐞 𝐭𝐡𝐞 𝐢𝐦𝐩𝐥𝐢𝐜𝐚𝐭𝐢𝐨𝐧𝐬?

It allows a hacker to control a remote server that is used as a proxy for configuring smart devices in homes, offices, and airports.
The behaviour of the device can be altered, along with gaining access to internal passwords and network configurations.
Server rooms are at high risk if temperatures are increased.

𝐎𝐭𝐡𝐞𝐫 𝐈𝐨𝐓 𝐜𝐲𝐛𝐞𝐫𝐚𝐭𝐭𝐚𝐜𝐤𝐬

More than 3.7 million IoT devices, including doorbells with webcams, baby monitors, and surveillance cameras, were found vulnerable to attackers via two insecure communications protocols.
Last month, a new strain of the Mirai botnet was found attacking particular versions of IP cameras, routers, and smart TVs, via CVE-2020-5902.
Although the Ripple20 vulnerabilities were reported in June, little has improved since then. As per researchers from JSOF, the flaws will never be completely eliminated due to the massive scale of usage of Track stack in various products.

𝐈𝐬 𝐭𝐡𝐢𝐬 𝐠𝐞𝐭𝐭𝐢𝐧𝐠 𝐬𝐞𝐫𝐢𝐨𝐮𝐬?

Although IoT devices have been avoiding debilitating attacks, the threat of malicious botnets causing disruptions in homes and businesses on a global scale is all too real.
These devices are hugely lacking in security measures when it comes to protecting the users' data and privacy. Threat actors often take advantage of lacklustre protections on consumer devices to attack users.
The Mirai botnet and other similar malware threats have been spreading their wings and evolving rapidly to exploit more and more devices.
Moreover, hyperconnectivity is another lucrative pathway for malicious actors, making network security insufficient.

𝐓𝐡𝐞 𝐭𝐚𝐤𝐞𝐚𝐰𝐚𝐲

The bottom line is that the threats facing IoT devices can be countered through a systematic approach to cybersecurity through well-established industry standards, auditing the security of consumer devices, providing regular firmware patches, and promoting information sharing and collaboration efforts.