SentinelOne detects unique IoT vulnerabilities.
SentinelOne, the independent cybersecurity platform company, today revealed that Barak Sternberg, SentinelLabs security researcher, has recognised four different vulnerabilities in HDL Automation smart devices.
The vulnerabilities presented thousands of HDL devices to remote control by adversaries, heading to potential network interference, secret exfiltration, and even ransomware attacks.
SentinelOne alerted HDL to the culmination through the subject admission process and the vulnerabilities have been patched.
IoT tools are everywhere in the home and the workplace, attaching lights, air conditioning, and even heat-sensors to home or corporate networks.
IoT devices are also possible security weak points that intruders target to exploit internal network configurations, modify arbitrary controllers and create software or hardware damage.
With enterprises attaching more and more connected devices to their networks, vulnerabilities like those described in SentinelLabs’ research are concerning as every connection to the enterprise network is a potential vulnerability.
“IoT can pose a vital threat to business security because, while anything you attach to your network is a possible point of ingress, not everyone considers that IoT devices contain unintended vendor-created backdoors,” said Sternberg.
“Many organizations don’t create smart thermostats or refrigerators with security in mind.
However, even normal devices such as this can be open to attackers, making it important to understand precisely how many devices you have attached to your network and to harden every endpoint.”
SentinelLabs identified two vulnerabilities that enabled account takeover; a flaw in the “forgot your password” function and a takeover of the debug email account.
Two extra vulnerabilities relating to endpoint APIs were also identified. Due to these defects, SentinelLabs researchers were able to negotiate remote servers used as proxies for configuring smart devices and worked with HDL Automation on patch solutions.
If intruders were simply interested in creating chaos, they could do physical damage by raising the heat in a server room, disabling security cameras, or disabling sensors designed to detect leaks or voltage surges.
The four new-found IoT vulnerabilities highlight the sensitivity and cost of IoT cyberattacks in changing our digital way of life.