Device Vulnerabilities in the Connected Home: Uncovering Remote Code Execution and More (list of devices, recommendations/solutions)

[LASER_oneXM]

Content source

https://blog.trendmicro.com/trendlabs-security-intelligence/device-vulnerabilities-connected-home-remote-code-execution-and-more/

f there is anything to be learned from the massive attacks that have been seen on connected devices, it is that the internet of things (IoT) is riddled with vulnerabilities. We have seen this time and again with how botnets are created from system weaknesses and have harnessed poor basic security to disrupt many devices and services.

In the past year, we embarked on a closer look at the security of IoT devices around the world. We chose devices that are available in different Amazon regions and are widely used in the Japan market, and tried to find out whether remote code execution (RCE) is possible. What we ended up finding out was more than that.

After months of finding bugs, reporting issues, and awaiting manufacturer responses, we found vulnerabilities from different device manufacturers. Some of these vulnerabilities are easy to take advantage of, while others are less risky. The bottom line, however, is that an attacker can eventually gain unauthorized remote control of any of the affected devices, which can lead to full compromise or even damage of the device.

Recommendations and solutions against IoT vulnerabilities

Security issues related to IoT are not the concern of users alone. Manufacturers should shoulder some, if not most, of the responsibility and make sure that the devices they roll out are secure and always updated. They should ensure device integrity, confidentiality, identification, and operational continuity in their IoT implementations. They should have the mindset that devices, once connected to the internet, become open to abuse.