
Do not wait: Look at your IoT devices now

The outbreak of COVID-19 is serving as a reminder of how much modern society relies on high levels of connectivity, as more workplaces shut down and people transition to working remotely.

As millions of people become confined to their homes, the security of Internet of Things devices has never been so important, according to consulting firm Protiviti, which is warning people not to wait and to check their security.

A recent flash report from Protiviti reveals that devices remain vulnerable, despite how commonplace they are.

The report highlights a set of Bluetooth-related vulnerabilities, recently discovered by researchers from the Singapore University of Technology and Design, that could lead to cyberattacks on thousands of IoT devices, with effects such as deadlocks, crashes, buffer overflows and bypasses.

A total of 12 vulnerabilities have been reported, affecting seven major system-on-a-chip (SoC) vendors whose chips are contained in more than 480 different IoT devices.

According to the report, potentially impacted devices include, but are not limited to:

  • Medical devices
  • Building automation
  • Security systems
  • Automotive devices
  • Connected lighting devices
  • Smart home products
  • Consumer electronics

Proof-of-concept exploit code has also been published, demonstrating the vulnerabilities and their different impacts on the Bluetooth Low Energy (BLE) implementation within SoC chipsets, as well as how they can be exploited, Protiviti says.

"With this code now being made freely available to the public, the probability that cybercriminals will attempt to abuse these vulnerabilities in the near future is highly likely," the company explains. 

"It is important for organisations to take action immediately to determine if they already have affected devices deployed and if so, take steps to patch them or mitigate the risk of exploitation."

Protiviti says companies that use or manufacture Bluetooth-enabled IoT devices should take immediate steps which include: 

  1. Review IoT device inventory and determine if any of the devices use the affected chips.
  2. Contact the device vendors to determine if devices are affected by the vulnerabilities.
  3. For devices that have BLE capabilities, rank/prioritise devices in terms of need and potential impact to the business and determine if their BLE functionality can be disabled.
  4. If BLE cannot be disabled, ask the device vendor if a patch has been released or will be released, as well as the anticipated timeframe and how to apply the patch.
  5. For affected systems that cannot be patched, develop compensating controls such as restricting physical access to the devices to prevent an attacker from getting within BLE range.
  6. Monitor these devices for anomalous activity and educate users to be aware of the associated risks and attack methods.
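
One way to run steps 1 to 5 over a device inventory, as an added example that is not from Protiviti's report or the original article. The chip identifiers, device names and impact scores are constructed placeholders, since the article does not name the affected SoCs.

```python
from dataclasses import dataclass

# Placeholder identifiers (assumption): the article does not name the affected
# SoCs, so fill this set from the vendor advisories for your own devices.
AFFECTED_CHIPS = {"EXAMPLE-SOC-A", "EXAMPLE-SOC-B"}

@dataclass
class Device:
    name: str
    chip: str              # BLE SoC part number; "" if the inventory lacks it
    business_impact: int   # 1 (low) to 5 (critical), set by the asset owner
    ble_required: bool     # False if BLE can be disabled without losing function
    patch_available: bool  # vendor has released a fix

def action_for(dev: Device) -> str:
    """Map one device to the checklist: step 2, then steps 3 to 5."""
    if not dev.chip:
        return "ask vendor (chip unknown)"   # step 2: cannot rule the device out
    if dev.chip.upper() not in AFFECTED_CHIPS:
        return "no action"
    if not dev.ble_required:
        return "disable BLE"                 # step 3
    if dev.patch_available:
        return "apply vendor patch"          # step 4
    return "compensating controls"           # step 5

def triage(inventory):
    """Return (device, action) pairs needing work, highest business impact first."""
    pending = [(d, action_for(d)) for d in inventory]
    pending = [(d, a) for d, a in pending if a != "no action"]
    return sorted(pending, key=lambda pair: -pair[0].business_impact)

# Constructed sample inventory, for illustration only.
INVENTORY = [
    Device("lobby-light-12", "example-soc-b", 1, False, False),
    Device("infusion-pump-03", "EXAMPLE-SOC-A", 5, True, False),
    Device("badge-reader-02", "", 3, True, False),
    Device("door-lock-07", "EXAMPLE-SOC-B", 4, True, True),
    Device("hvac-sensor-21", "EXAMPLE-SOC-Z", 2, True, False),
]

if __name__ == "__main__":
    for dev, action in triage(INVENTORY):
        print(f"{dev.business_impact}  {dev.name:18} {action}")
```

Every device the triage returns also falls under step 6 (monitoring) until its action is completed.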


 
