2 min read

When their firmware is vulnerable, it's up to you to protect your smart devices

Ionut ILASCU

June 07, 2018

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
When their firmware is vulnerable, it's up to you to protect your smart devices

That Internet-of-Things products are insecure is a cat that has left the bag a long time ago. You can take action yourself to ensure a certain level of protection for a connected device, but the ultimate defenses rest within the firmware, which is more often than not riddled with vulnerabilities.

During a 30-day period, some thousands of Bitdefender BOX 2 units reported that 95% of vulnerabilities detected in smart things were firmware-related. In total, BOX owners received details about 13,300 security bugs, along with recommendations to update the affected gadgets with the latest code from the manufacturer. The pool of systems recognized by BOX comprised anything from IP cameras to printers and network attached storage (NAS) equipment.

A little more than 9,000 weaknesses identified by BOX 2 had been disclosed publicly. Where necessary and feasible, criminals can write code to take advantage of them. In some cases exploitation is made easier because the public report comes with a proof of concept (PoC) – demonstrative code that shows exactly how the glitch could be abused, allowing anyone to adapt it to a specific purpose.

The most common type of vulnerability encountered by BOX 2 is denial of service (DoS), accounting for 42% of all firmware-related security faults. Runner up in the list are overflow types of bugs (21%).

Both flaws come with serious risks to the owner: capitalizing on the first one renders the device non-functional either permanently or temporarily. The second includes a wide array of possibilities for hackers, depending on how good is their exploit code: it could give increased permissions on the gadget and the possibility to execute code on it. But it can also lead to a denial-of-service condition.

The firmware of 10% of the systems analyzed by BOX 2 was susceptible to code execution, which, when exploited, typically subdues the device to the attacker’s will. In 7% of the cases, Bitdefender’s hardware security solution noticed glitches that could be used to glean information from the gadget, which would help hackers find software components they can attack or details about the network it connects to.

Among the issues that recorded the lowest percentage were restriction bypass and memory corruption, at 3.8% and 3.4%, respectively. Even if less widespread, they pose the risk of unauthorized reach to restricted areas of the system, control of the device, and denial of service – serious threats for the systems and their owners alike.

The data analyzed by the latest version of Bitdefender BOX shows that most of the times device ran firmware vulnerable to multiple problems. This is common in the world of IoT, as is firmware from the same maker being supplied to products of the same category from different vendors.

Bitdefender BOX covers security for all IoT devices in your house, alerting you when vulnerable code is at the helm of a smart system, and blocking exploitation attempts against it. The solution casts its protection even outside your home, to your mobile devices.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read