Pick Smart Products with Self-Healing Abilities

Ionut ILASCU

February 20, 2018

For many smart device owners, the only line of defense against run-of-the-mill hacking operations remains keeping the gadgets updated with the latest firmware from the vendor. Patches are not always available when the vulnerability is publicly disclosed, and users often do not even know if there is an update to apply to their devices, creating a window of opportunity for hackers.

This lapse in the security state of IoT devices may be on track to extinction, as attackers advance methods of finding and exploiting vulnerable systems with tools that automate most of the undertaking. Limiting the damage is possible if manufacturers adapt to the changing threat landscape, act on responsible disclosure reports and push a solution directly to devices ahead of public vulnerability notifications.

Case in point: a recently released security tool can automate the steps for finding and exploiting targets online. AutoSploit is a script that binds together the Shodan search engine for internet-connected hardware, and Metasploit, a penetration testing framework that incorporates exploit code for vulnerabilities that have been released publicly. Once started, AutoSploit should dictate the course of action, finding particular devices and tossing appropriate exploits at them.

Although it has the potential for responsible use, the tool demands little competence from attackers in its current form, allowing them to gain control over a large number of devices and turning the creation of an IoT botnet into a point-and-click game. For this reason, the release of AutoSploit created ripples of controversy in the security industry; similar reactions surfaced when Shodan and Metasploit launched, but they are now essential components in legal security work.

Much of the criticism is spurred by the current dearth of vendors who offer automatic updates for their products to make sure that online devices benefit from the latest firmware version. From a security standpoint, the feature is like a self-immunization ability for smart gadgets, shielding them from attacks targeting known vulnerabilities: when a security bug is reported and fixed, clients receive the patch and install it either silently or with minimal intervention from the user.

Hackers automate as much of their work as possible and already concoct scripts and utilities for this purpose. AutoSploit is just an easy-grab alternative. Spending a little extra for a product that can update itself is an investment in protecting your privacy and potentially your money; at the same time, companies that do not deliver such a feature are forced to follow the “trend” or sink.

AutoSploit may turn the tables on the current update delivery paradigm and push IoT makers in the right direction if one consequence of its release is the compromise of a barrage of insecure smart devices. Even if the armies of enslaved equipment are not used for mischief, the outcome itself should be sufficient for stronger intervention from both the public and private sector to enforce security standards and educate consumers.

In the meantime, you can opt for an automated alternative to determine which of your devices are vulnerable and need patching; Bitdefender BOX takes care of this problem and stops attacks before they do any damage.

Image credit: distel2610
