A new report has suggested that Independent Security Evaluators (ISE) has found 125 susceptibilities in 13 IoT devices, reiterating an industrywide issue of a dearth of rudimentary security thoroughness. The susceptibilities exposed in the research possibly impact millions of IoT devices.
Lead ISE researcher Rick Ramgattie said: “Our results show that businesses and homes are still vulnerable to exploits that can result in significant damage,” adding that “these issues are completely unacceptable in any current web application.”
An attacker can gain a position within a network in businesses and homes to misuse and affect supplementary network devices, spy information that passes through the devices, redirect traffic, incapacitate the network, and launch additional outbound attacks on other targets from the victims’ networks.
ISE selected devices from an array of manufacturers. Products ranged from devices intended for homes and small offices to expensive devices designed for enterprise use. As well as new devices, ISE encompassed some devices from earlier research to find whether manufacturers have enhanced their security method or practices over the years.
“We found that many of these issues were trivial to exploit and should have been discovered even in a rudimentary vulnerability assessment,” says ISE founder Stephen Bono. “This indicates that these manufacturers likely undergo no such assessment whatsoever, that the bug bounty programs they employ are ineffective, that vulnerability disclosures sent to them are not addressed, or more likely, all of the above.”
The researchers reliably revealed all of the susceptibilities they exposed to affected vendors, most of them rapidly responded and addressed the issues.