The Jamaica Gleaner published an article on December 9th, 2020 on Research that revealed Millions of Smart Devices Vulnerable to Hacking.
Researchers at a Cybersecurity firm said they have discovered vulnerabilities in software widely used by millions of internet-connected devices. The vulnerabilities identified could be exploited by hackers to penetrate business and home computer networks.
Key points:
- The US Cybersecurity and Infrastructure Security Agency (CISA) has since issued a bulletin regarding the vulnerabilities. The potentially affected devices are smart plugs, printers to office routers, healthcare appliances, and industrial control systems. There is no evidence of any intrusions exploiting these vulnerabilities but their existence is not trivial to security.
- Computer Scientist, Awais Rashid indicated that the worst case is that control systems that drive critical services to society such as water, power, and automated building management could be crippled.
- CISA has recommended that users take defensive measures to minimize the risk of the devices being hacked such as isolating industrial control systems from the internet and corporate networks.
- Some of the vulnerable devices were found using outdated open-source software. Rashid noted that fixing the vulnerabilities is particularly complicated because they are part of open-source software, which nobody specifically owns. These types of software are maintained by volunteers who would end support for some of their distributions after a while.
- If left unpathed, the implications could be a denial of service and/or ransomware attacks on corporate and home networks through vulnerable devices.
Contributed by: Jason Jacobs from Guyana. Jason is a member of the CCST Discord group from the G5 Cyber Security Foundation Ltd. Learn more about CCST (Caribbean Cyber Support Team) by visiting caribbeancst.org. CCST is a collaborative group on the Discord platform for Caribbean people in IT, from beginners to experts.