Direct Technology Group Blog

Direct Technology Group provides professional IT Support and Network Services for Businesses around Deerfield Beach. Computer Services, Tech Support, IT Solutions and more!

Researchers Find 23 IoT Device Manufacturers' Lack of Security Disturbing

Researchers Find 23 IoT Device Manufacturers' Lack of Security Disturbing

At the recent DEF CON security conference in Las Vegas, hackers taking part in the IoT Village tested the security of a variety of Internet-of-Things devices that are widely available to consumers. They found dozens of vulnerabilities, reinforcing the idea that IoT-device manufacturers need to do a better job securing their products.

In total, hackers found 47 new vulnerabilities affecting 23 individual devices from 21 separate manufacturers. Participants in the IoT Village released their findings to these manufacturers, with the hopes that patches will be issued to resolve the security issues. It’s not clear how many of these manufacturers will heed the warnings, however. In fact, it’s entirely possible that many manufacturers will ignore the research and continue to hastily push out IoT devices in order to meet the market's insatiable demand for them.

What makes these vulnerabilities worrisome is the fact that so many different types of IoT devices were found to be vulnerable. Consider this concerning list:

  • Door locks and padlocks from vendors like Quicklock, iBlulock, Plantraco, Ceomate. Elecycle, Vians, Lagute, Okidokeys, Danalock.
  • A wheelchair from an unknown vendor.
  • A thermostat from Trane.
  • A solar array management device from Tigro Energy.
  • A smart lock from a vendor called August.
  • The Belkin F9K1122 wireless range extender.
  • The ZyXel NBG6716 wireless router.

If you happen to use any of these products, then you’ve got good reason to contact the manufacturer and ask about what steps they’ve taken to resolve the known security risk. The best case scenario you can hope for is that they’ve resolved the issue (or issues) and provide a patch. Conversely, if the manufacturer plays dumb, then you know they’re not being truthful, and you should consider switching to a more secure product.

Overall, even if you don’t use any of the products listed above, the findings of the IoT Village serves as a cautionary tale for anybody looking to implement IoT technology in the near future. Unfortunately, vulnerabilities found in IoT devices are a result of the high demand for these products. As mentioned above, manufacturers have been known to rush devices to market without fully testing the product’s security capabilities, putting consumers at risk. CIO explains it like this, “Even though there have been some efforts to draft security guides and standards for IoT vendors, the rush to bring new ‘smart’ devices to market will unfortunately mean that many of them will have critical flaws.”

As far as how critical a security flaw can be for an IoT device, it really depends on the device itself and the intent of the hacker. For example, a hacker with access to a thermostat can cause a heating system to fail, leading to pipe bursts. Additionally, a researcher from IoT Village went on record to say, "If you bought a used ASL-01 lock, any previous owner or guest of a previous owner could gain access to your home. If you bought a used lock on eBay said previous owner knows where you live."

Also, looking beyond the obvious threat of a hacker taking direct control of an unsecure device and manipulating its functionality, there’s the threat that virtually any Internet-connected device can be hacked, injected with malware, and be used as part of a botnet.

When it comes to buying and implementing a new IoT device for your business, one thing is for certain: you’re going to want to fully understand its capabilities and the potential risks it poses to your business. Otherwise, you may end up with a big problem that will leave your system vulnerable.

Worker Productivity Suffers When Politics Take Cen...
Tip of the Week: How to Get Rid of These Windows 1...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Monday, 23 December 2024

Captcha Image

Blog Archive

2014
January
February
March
April
May
June
July
August
September
October
November

Mobile? Grab this Article

QR Code
Request a Consultation

Direct Technology Group strives to provide the best comprehensive IT, Computer, and Networking services to small businesses. We can handle all of your organization's technology challenges.

Contact Us
Contact Us

Learn more about what Direct Technology Group can do for your business.

1358 W Newport Center Dr
Deerfield Beach, Florida 33442

Call us: (954) 739-4700

News & Updates
Direct Technology Group is proud to announce the launch of our new website at www.directtechnologygroup.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for ...