According to Rapid7 research, most of the vulnerabilities and exposures identified are trivial for a reasonably competent attacker to exploit, especially in the context of a focused campaign against company officers or other key business personnel.
All of the devices exhibited several common and well-known security issues – as well as ten new vulnerabilities. Typically, the newly disclosed vulnerabilities are effectively mitigated only by disabling the device and applying a firmware update when one becomes available.
The research notes that other products of direct interest to commercial and industrial consumers and security researchers (commercial security systems, home automation systems, on-premise climate control systems) share many of the insecure design and deployment issues found.
He warned that if criminals can break into IoT devices connected directly to the internet without requiring authentication and their associated web services, it could provide an opportunity to hack into the rest of the home network.