That Internet-of-Things products are insecure is a cat that left the bag a long time ago. You can take action yourself to ensure a certain level of protection for a connected device, but the ultimate defenses rest within the firmware, which is more often than not riddled with vulnerabilities.
During a 30-day period, some thousands of Bitdefender BOX 2 units reported that 95% of vulnerabilities detected in smart things were firmware-related. In total, BOX owners received details about 13,300 security bugs, along with recommendations to update the affected gadgets with the latest code from the manufacturer. The pool of systems recognized by BOX comprised anything from IP cameras to printers and network-attached storage (NAS) equipment.
A little more than 9,000 weaknesses identified by BOX 2 had been disclosed publicly. Where necessary and feasible, criminals can write code to take advantage of them. In some cases exploitation is made easier because the public report comes with a proof of concept (PoC) – demonstrative code that shows exactly how the glitch could be abused, allowing anyone to adapt it to a specific purpose.
The most common type of vulnerability encountered by BOX 2 is denial of service (DoS), accounting for 42% of all firmware-related security faults. The runner-up is the overflow type of bug (21%).
Both flaws come with serious risks to the owner. Capitalizing on the first one renders the device non-functional, either permanently or temporarily. The second opens a wide array of possibilities for hackers, depending on how good their exploit code is: it could give increased permissions on the gadget and the possibility to execute code on it, but it can also lead to a denial-of-service condition.
The firmware of 10% of the systems analyzed by BOX 2 was susceptible to code execution, which, when exploited, typically bends the device to the attacker’s will. In 7% of the cases, Bitdefender’s hardware security solution noticed glitches that could be used to glean information from the gadget, which would help hackers find software components they can attack or details about the network it connects to.
Among the issues that recorded the lowest percentage were restriction bypass and memory corruption, at 3.8% and 3.4%, respectively. Even if less widespread, they pose the risk of unauthorized access to restricted areas of the system, control of the device, and denial of service – serious threats for the systems and their owners alike.
The data analyzed by the latest version of Bitdefender BOX shows that, most of the time, devices ran firmware vulnerable to multiple problems. This is common in the world of IoT, as is firmware from the same maker being supplied to products of the same category from different vendors.
Bitdefender BOX covers security for all IoT devices in your house, alerting you when vulnerable code is at the helm of a smart system, and blocking exploitation attempts against it. The solution casts its protection even outside your home, to your mobile devices.