BOSTON (AP) — Researchers at a cybersecurity firm say they have identified vulnerabilities in software widely used by millions of connected devices — flaws that could be exploited by hackers to penetrate business and home computer networks and disrupt them.
Potentially affected devices from an estimated 150 manufacturers range from networked thermometers to “smart” plugs and printers to office routers and healthcare appliances to components of industrial control systems, the cybersecurity firm Forescout Technologies said in a report released Tuesday. Most affected are consumer devices including remote-controlled temperature sensors and cameras, it said.
Source: Research: Millions of smart devices vulnerable to hacking
Have a fitness band, smart thermostat or other smart IoT device? Here’s how to make sure it’s secure.
“As connected consumer devices become more powerful and gain more capabilities, they will become more attractive targets for malicious actors looking to exploit these capabilities,” said Rob Sadowski, director of technology solutions at RSA in Bedford, Massachusetts. “For example, we have already seen attacks exploit vulnerabilities in consumer routers for use in DDoS attacks and consumer NAS [network-attached storage] devices for illicit cryptocurrency mining.”
“Many vendors in the IoT space seem to have little or no concern regarding the safety and security of their customers,” said Craig Young, a security researcher with Tripwire in Alpharetta, Georgia.
Take smart home hubs, for example, which let homeowners automate their electronics and their overall security. Young warned that these hubs tend to come with a lot of risks. For example, one of the top-selling home-automation hubs — Young wouldn’t say which one — currently ships with a deprecated version of firmware that contains numerous publicly known vulnerabilities, as well as a handful of new vulnerabilities.
“Despite these serious security problems,” Young said, “the vendor has not updated the firmware in this device for over a year, even though they have since developed a somewhat less vulnerable firmware. Even worse, the vendor has stated they have no intention of encouraging their users to upgrade.”