Do not wait: Look at your IoT devices now

The outbreak of COVID-19 is serving as a reminder of how much modern society relies on high levels of connectivity, as more workplaces shut down and people transition to working remotely.

As millions of people become confined to their homes, the security of Internet of Things devices has never been so important, according to consulting firm Protiviti, which is warning people not to wait and to check their security.

A recent flash report from Protiviti reveals that devices remain vulnerable, despite how commonplace they are.

The report highlights a set of Bluetooth-related vulnerabilities, recently discovered by researchers from the Singapore University of Technology and Design, that could expose thousands of IoT devices to cyberattacks resulting in deadlocks, crashes, buffer overflows and bypasses.

A total of 12 vulnerabilities have been reported to affect seven major system-on-a-chip (SoC) vendors whose chips are contained in more than 480 different IoT devices.

According to the report, potentially impacted devices include, but are not limited to:

  • Medical devices
  • Building automation
  • Security systems
  • Automotive devices
  • Connected lighting devices
  • Smart home products
  • Consumer electronics

Proof-of-concept exploit code has also been published, demonstrating the vulnerabilities and their different impacts on the Bluetooth Low Energy (BLE) implementation within SoC chipsets, as well as how they can be exploited, Protiviti says.

"With this code now being made freely available to the public, the probability that cybercriminals will attempt to abuse these vulnerabilities in the near future is highly likely," the company explains. 

"It is important for organisations to take action immediately to determine if they already have affected devices deployed and if so, take steps to patch them or mitigate the risk of exploitation."

Protiviti says companies that use or manufacture Bluetooth-enabled IoT devices should take immediate steps, which include:

  1. Review IoT device inventory and determine if any of the devices use the affected chips.
  2. Contact the device vendors to determine if devices are affected by the vulnerabilities.
  3. For devices that have BLE capabilities, rank/prioritise devices in terms of need and potential impact to the business and determine if their BLE functionality can be disabled.
  4. If BLE cannot be disabled, ask the device vendor if a patch has been released or will be released, as well as the anticipated timeframe and how to apply the patch.
  5. For affected systems that cannot be patched, develop compensating controls such as restricting physical access to the devices to prevent an attacker from getting within BLE range.
  6. Monitor these devices for anomalous activity and educate users to be aware of the associated risks and attack methods.