Serious IoT Flaws Can Make A Wreck Of Your Network
By: Jim Stickley and Tina Davis
April 19, 2021
Do you have an Internet of Things (IoT) device? Odds are fairly high that you do, whether you realize it or not. These include smart televisions, home assistant devices such as Alexa, home security systems, and even small appliances. It seems nearly anything these days can be internet-connected, making it an IoT device. Researchers at Forescout have found vulnerabilities within IoT devices that make them ripe for becoming portals for network takeovers or for being taken offline, making them a complete wreck.
Anything that can allow access to a home or corporate network may be vulnerable to these flaws. Nine flaws were discovered, affecting more than 100 million IoT devices, both industrial and consumer. The researchers have dubbed this “wreck” because it can certainly make a wreck of your day and your network. Attackers could take advantage of the flaws to perform denial of service (DoS) attacks or to send code to the devices remotely to make them perform other functions, such as stealing sensitive data or shutting down.
These issues don’t affect a particular device or even a category of devices, because they’re related to how devices communicate. This makes it a bit more difficult to say exactly what should be updated to protect against them. But as is often repeated, it’s always best practice to keep all IoT devices updated with patches, as well as with current software and firmware versions. If your device is ever scheduled for the junkyard, consider upgrading. Once a device goes that route, patches and updates are no longer released and no digital mechanic can help. It’s time for the scrap yard.
The great news is that patches are available for these nine issues. If you get a notification of any type to update an IoT device, speed right on through to the finish line to get it done. In addition, those in charge of networks should monitor network traffic and address anomalies. Sometimes anomalies can easily be spotted and put to rest before major damage is done. Segmenting networks is also advised, to keep malicious actors limited to smaller areas should they intrude.
Forescout’s researchers found that organizations in the healthcare sector could be among the most affected by these flaws, potentially allowing attackers to access medical devices, obtain private healthcare data, or take devices offline, preventing patient care.