Tuesday, 17 November 2015

"A Quarter Of IoT Devices Is Leak '


Connecting IoT devices in the home is like playing Russian roulette. Nearly one in four 'connected' devices for home use is not secured. Or there are errors in the firmware or the Web portal to gain access to the device is not secure enough. That's the conclusion of researchers from the French Eurecom and the Ruhr University in Bochum, Germany. They examined the firmware on routers, modems, VoIP phones, network cameras and other IoT devices that can be managed via the internet.

Attempts were made to undermine security by customizing the firmware by malicious software updates, but also to attack the web portal of the aircraft. The portals were exposed to frequent attacks such as XSS (cross-site scripting), CSRF (cross-site request forgery), SQL injection and RCE (remote code / command execution).

In total, were investigated in 1925 firmware images from 54 different manufacturers. More than 9200 vulnerabilities were found in 185 firmware images. Although only 8 percent of the firmware php code contained in the management of the portal, was found in 143 firmware images whopping 5000
XSS Vulnerabilities.

The study seems to confirm what even last week at Black Hat Europe emerged. A survey conducted by Information Week and Dark Reading which showed that IT professionals believe that in two years the security of IoT will be a top priority. Now the priority is still mainly in the security of applications and end users.

No comments:

Post a Comment