CSO reports that a recent study by Eurecom found 38 vulnerabilities in firmware used by manufacturers of a variety of internet-connected consumer products. The flaws, which stem from poor encryption and backdoors left open by developers, leave the devices vulnerable to hackers. By correlating the findings across the 693 firmware images studied, the researchers concluded that these newly discovered vulnerabilities affect at least 143,000 different products.
Firmware is the low-level software in an electronic device that allows communication between higher-level software (like operating systems) and the hardware. It tells the hardware how to operate.
Just about everything these days is connected to the internet, including cars, implanted medical devices, security cameras, common household appliances, TVs, smartphones, and smart sensors in your home. Together these internet-enabled devices comprise what is commonly referred to as the Internet of Things (IoT), and firmware is at the heart of it all.
By rushing products containing poorly designed software to market, manufacturers are leaving the public vulnerable to ultra-sophisticated cyber-criminals. As we discussed in a previous post (If It’s Online, It can Be Hacked!), criminals can use these devices to spy on people and even plan physical crimes.
Because everything is being connected to the internet, the IoT makes it possible for different systems to “talk” to each other and share information — and this is where things get dicey.
It may sound funny that a hacker can upload a virus onto a company’s network using someone’s refrigerator, but it really isn’t comical. When you think about it, that same device can also be used to spy on the family living inside the house. Not funny at all!
A review of just one data breach blog cited 4 data breaches between August 4, 2014 and August 12, 2014 — and these are only the ones that we know about! The Internet of Things makes life even more dangerous because cyber-criminals can now attack specific targets (corporate and personal) across multiple devices (e.g., PCs, appliances, TVs, smart meters, and smartphones). An attack can literally start at the office and carry through to the person’s home using corporate and personal electronic devices.
A recent Fortinet study found that nearly 60% of those surveyed were concerned about the exposure of sensitive information. Most felt that the Government should regulate data collection and how that data is used. This helps, but doesn’t go far enough.
We need to institute high standards backed by Government regulation to tighten security on consumer devices before they can even be put to market. Prevention is the key to safety on the IoT.
Lawmakers and manufacturers need to get together and do something now! Inaction aids crime and puts us all in danger.
XSolutions is a Managed Services Provider (MSP) and provides 24/7/365 remote monitoring, scheduled workstation and server maintenance, Help Desk Services, Cloud & Hosted Services, Backup/Disaster Recovery, and Software Development. Call us at (845) 362-9675 and see how we can help your company.