Cybersecurity firm Forescout Technologies uncovered vulnerabilities in software that millions of smart devices use. Hackers can exploit these flaws to infiltrate and ultimately disrupt home and business networks. Although there is no evidence that threat actors have taken advantage of these weaknesses, the US Cybersecurity and Infrastructure Security Agency (CISA) had to warn against the issue.
That’s because they exist in data-communications software central to internet-connected devices, which include smart thermometers, plugs, printers, healthcare appliances, office routers, and industrial control systems.
According to Forescout, around 150 manufacturers produce potentially affected devices, most of which are remote-controlled temperature sensors and cameras. Therefore, the company recommended disconnecting industrial control systems from the web and isolating them from corporate networks.
Awais Rashid, a computer scientist at Britain’s Bristol University, examined Forescout’s report. He warned that if attackers exploit these weaknesses, they can cripple control systems that operate “critical services to society” like power, water, and automated building management.
Furthermore, Rashid said that developers’ poor programming is the main issue here. Cybersecurity experts discover plenty of threats coming from Internet-linked devices developed without much attention to security.
No Easy Fix
Fixing the exploits is no easy matter because they’re located in open-source software, code that anyone can use or modify and mostly maintained by volunteers. Moreover, the issue involves a suite of communication protocols used to interconnect network devices on the internet called TCP/IP.
Elisa Costante, vice president of research at Forescout, said that some of the vulnerable TCP/IP code is decades old and no longer supported. She added that manufacturers are responsible for patching the flaws, but some won’t even bother because it’s time and money-consuming.
Forescout Technologies informed as many device vendors as possible about the software weaknesses, dubbed AMNESIA:33, but it couldn’t identify all infected appliances. It also warned American, German, and Japanese cybersecurity authorities.
Browsing the web exposes users to all sorts of security risks and privacy intrusions. That’s why many connect to a reputable VPN service before going online. VPNs offer traffic encryption, a no-logging policy, IP address switching, and access to geo-restricted content.