The advent of IoT has driven technological and economic advancements. However, this has also resulted in a rise in the number of vulnerable smart devices.
What’s going on?
At DEF CON 2020, Barak Sternberg demonstrated vulnerabilities in the HDL automation system that can be abused by threat actors to manipulate existing devices controlled by these systems. The bugs in this automation system used for smart buildings could even allow a complete takeover of accounts belonging to other users in the network.
What are the implications?
- It allows a hacker to control a remote server that is used as a proxy for configuring smart devices in homes, offices, and airports.
- The behavior of the device can be altered, along with gaining access to internal passwords and network configurations.
- Server rooms are at high risk if temperatures are increased.
Other IoT cyberattacks
- More than 3.7 million IoT devices, including doorbells with webcams, baby monitors, and surveillance cameras, were found vulnerable to attackers via two insecure communications protocol.
- Last month, a new strain of the Mirai botnet was found attacking particular versions of IP cameras, routers, and smart TVs, via CVE-2020-5902.
- Although the Ripple20 vulnerabilities were reported in June, little has improved since then. As per researchers from JSOF, the flaws will never be completely eliminated due to the massive scale of usage of Treck stack in various products.
Is this getting serious?
- Although IoT devices have been avoiding debilitating attacks, the threat of malicious botnets causing disruptions in homes and businesses on a global scale is all too real.
- These devices are hugely lacking in security measures when it comes to protecting the users' data and privacy. Threat actors often take advantage of lacklustre protections on consumer devices to attack users.
- The Mirai botnet and other similar malware threats have been spreading their wings and evolving rapidly to exploit more and more devices.
- Moreover, hyperconnectivity is another lucrative pathway for malicious actors, making network security insufficient.
The bottom line is that the threats facing IoT devices can be countered through a systematic approach to cybersecurity through well-established industry standards, auditing security of consumer devices, providing regular firmware patches, and promoting information sharing and collaboration efforts.