When their firmware is vulnerable, it’s up to you to protect your smart devices

That Internet-of-Things products are insecure is a cat that has left the bag a long time ago. You can take action yourself to ensure a certain level of protection for a connected device, but the ultimate defenses rest within the firmware, which is more often than not riddled with vulnerabilities.

During a 30-day period, some thousands of Bitdefender BOX 2 units reported that 95% of vulnerabilities detected in smart things were firmware-related. In total, BOX owners received details about 13,300 security bugs, along with recommendations to update the affected gadgets with the latest code from the manufacturer. The pool of systems recognized by BOX comprised anything from IP cameras to printers and network attached storage (NAS) equipment.

A little more than 9,000 weaknesses identified by BOX 2 had been disclosed publicly. Where necessary and feasible, criminals can write code to take advantage of them. In some cases exploitation is made easier because the public report comes with a proof of concept (PoC) – demonstrative code that shows exactly how the glitch could be abused, allowing anyone to adapt it to a specific purpose.

The most common type of vulnerability encountered by BOX 2 is denial of service (DoS), accounting for 42% of all firmware-related security faults. Runner up in the list are overflow types of bugs (21%).

Both flaws come with serious risks to the owner: capitalizing on the first one renders the device non-functional either permanently or temporarily. The second includes a wide array of possibilities for hackers, depending on how good is their exploit code: it could give increased permissions on the gadget and the possibility to execute code on it. But it can also lead to a denial-of-service condition.

The firmware of 10% of the systems analyzed by BOX 2 was susceptible to code execution, which, when exploited, typically subdues the device to the attacker’s will. In 7% of the cases, Bitdefender’s hardware security solution noticed glitches that could be used to glean information from the gadget, which would help hackers find software components they can attack or details about the network it connects to.

Among the issues that recorded the lowest percentage were restriction bypass and memory corruption, at 3.8% and 3.4%, respectively. Even if less widespread, they pose the risk of unauthorized reach to restricted areas of the system, control of the device, and denial of service – serious threats for the systems and their owners alike.

The data analyzed by the latest version of Bitdefender BOX shows that most of the times device ran firmware vulnerable to multiple problems. This is common in the world of IoT, as is firmware from the same maker being supplied to products of the same category from different vendors.

Bitdefender BOX covers security for all IoT devices in your house, alerting you when vulnerable code is at the helm of a smart system, and blocking exploitation attempts against it. The solution casts its protection even outside your home, to your mobile devices.

6 comments

  • By Robert L Bailey Sr - Reply

    BitbDefender box 1 some how messed up my CenturyLink router. If I disconnect your box, I break my internet connection. How can I fix this problem?

  • By Derick C. - Reply

    Fine article touching upon all salient points of cybersecurity/cyberprivacy issues.
    I’d add just some other items easy to overlook nowadays. I refer to the increasing invasion of privacy by not only foreign governments, but the U.S. Government as well. This observation isn’t new, it’s been a slow incremental invasion across the years which could easily be blamed upon Nixon, Kennedy, Eisenhower or even the person who served under them all – Hoover. In anycase, the current reality, for the novice, is potentially beyond comprehension. For the expert, at any level of experience, it is deeply challenging both to maintain one’s privacy and to determine when a legal request for cooperation strays from national defense to instead be a mere patient and/or preliminary to a violent pursuit and abuse of civil rights guaranteed by the U.S. Constitution. Just because authorities may find the Constitution to be a nuisance doesn’t mean it should not be adhered to and abided by – regardless whomever believes it to be antiquated. Antiquated it may be but it is one of the few barriers to our devolution into a far worse and draconian system. There’s an interesting book everyone should read: Habeas Data (Habeas Data: Privacy vs. the Rise of Surveillance Tech https://www.amazon.com/dp/1612196462/ref=cm_sw_r_cp_tai_ha8jBb65AE2BB).

    As to what Bitdefender Box does, I’m more than elated and relieved to have come upon it as a result of my searches in securing my devices and securing the incoming/outgoing datastreams I choose. What Bitdefender Box tracks and finds and subsequently brings to my attention is really top notch in providing enough detail that I can track the off ending item regardless which directory it may be hiding in. Better yet Bitdefenders Antimalware app the majority of the time does the heavy work itself. The environment on the web and elsewhere will probably continue to deteriorate, and each of us will have to adjust accordingly. It may be safer to return to hieroglyhic ciphers over time, but well see. For now, thanks for the fine work the Bitdefender team does. You are each golden in a good way. Now a word to upper management: Don’t screw this up!

  • By Greybeard - Reply

    Issue with Netgear cable modem needing firmware update. Netgear states it sends update to Comcast to send update. Comcast states they only send updates to THEIR modems and not to privately owned modems. So the customer is left in the middle and vulnerable.

  • By Steve Lynn - Reply

    I do believe.my printer was hacked. I had to completely uninstall it and start over from the beginning . This happened before I hooked up my Bitdefender box. Still trying to get it straighten out.

    Thanks for the info.
    To every one who has any type of computer modem
    The magic word is always check your firm ware

  • By Baljit - Reply

    Its nice, but after I have connected Bitdefender box on my network, i am not able to use Netflix, comes with an error, also not able to use iptv, cant connect to server or other streaming provider services. Is on every devices and smart tv at home. YouTube works fine. Without the box, everything works fine.

    • By Mihai - Reply

      Hi, please contact our BOX support team by email at boxsupport@bitdefender.com and we will be more than glad to help.

  • Add Comment

    Your email address will not be published. Required fields are marked *