Internet security researchers claim that they have found flaws in software that placed millions of smart devices at risk of hacking or attacks.
The security vulnerabilities, also known as vulnerabilities, could be used to target business or home computer networks by hackers.
The study, by cybersecurity company Forescout Technologies, says an estimated 150 manufacturers designed the affected devices.
Several devices are intended for personal use and provide the ability to remotely control home cameras and temperature sensors, the report said. Similar machines are used by organizations in surveillance systems, heating and cooling appliances, printers and servers.
Protect Smart Devices: Perfect Way for Your Smart Home Devices to Lock Down
There is no confirmation that any attacks on compromised computers have already been carried on. But the threats outlined in the study contributed to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue an advisory warning.
In the advisory, CISA suggests that defensive measures should be taken to lessen the risks of hacking. Specifically, the agency said industrial control systems should not be accessible from the internet and should be separated from company networks.
Awais Rashid is a computer scientist at Britain’s Bristol University who examined the report’s findings. He told The Associated Press that in the worst case, control systems that drive “critical services” – such as water, power and self-operating building equipment – could be damaged.
Rashid said the discovery shows the dangers cybersecurity experts often find in internet-linked devices designed without much attention to security. Careless programming by developers appears to be the main issue in this case, he added.
Dealing with the problem is especially complex because the vulnerabilities are found in so-called open-source software. Open-source means the software is free to use and that the program that was first created can be changed by anyone.
In this case, the issue relates to internet software that runs communications through a technology called TCP/IP. This technology uses a set of rules that control the connection of computer systems to the internet.
Elisa Costante is vice president of research for Forescout. She told the AP the fact that open-source software is not owned by anyone makes the problem difficult to solve. In addition, some of the vulnerable TCP/IP methods used are twenty years old.
This means it is up to device manufacturers to fix the vulnerabilities themselves and some may not have the time or money to do so, Costante said.
“The biggest challenge comes in finding out what you’ve got,” said Bristol University’s Rashid.
The vulnerabilities could leave business networks open to destructive denial-of-service attacks. Computer systems could also be infected with ransomware or other tools that permit attackers to take over devices.
Experts say the risks are even higher now with so many people working from home during the coronavirus pandemic. This could permit attackers to hack into home networks and use this as a pathway into company networks.
Forescout says it contacted as many device manufacturers as it could about the vulnerabilities. It also warned security officials in the U.S., Germany and Japan.
Article published on Voanews