16.08.2021 – 11:25
IoT Inspector GmbH
Bad Homburg (OTS)
- Hundreds of thousands of devices affected – manufacturers hardly question the supply chain
- Security specialist IoT Inspector offers free scans to affected manufacturers and companies
The list of device manufacturers affected by Realtek vulnerabilities is long: AsusTEK, Belkin, D-Link, Edimax, Hama, Logitec, Netgear and many others ship their WLAN devices with vulnerable Realtek software development kits (SDKs). This vulnerability within the Realtek RTL819xD module allows hackers to gain full access to the device, installed operating systems, and other network devices. “We have detected and resolved this vulnerability, which involves hundreds of thousands of devices. Realtek was notified by us and immediately responded and provided an appropriate patch. We urge manufacturers using vulnerable Wi-Fi modules to restore their devices and make security patches available to their users,” says Florian Lukavsky, managing director of IoT Inspector. The security platform scans the firmware of IoT devices such as routers, IP cameras, or printers. In the past, the company has already published a large number of coordinated security warnings with affected manufacturers, thus thwarting potential hacker attacks. For this particular case, IoT Inspector makes its platform available to potentially affected manufacturers and users with a free quick scan. Only by analyzing the firmware in question can it be determined whether the vulnerable components are still in use.
An unsupervised supply chain for hundreds of thousands of devices
Chips provided by Realtek are used by almost all well-known manufacturers and can be found in VoIP devices, wireless routers, repeaters, IP cameras and smart lighting controls. A detailed list of affected devices is available from IoT Inspector, but other applications are possible. The attacker must usually be on the same Wi-Fi network for the exploit to succeed. However, ISP misconfigurations also put a large number of vulnerable devices directly on the Internet. A successful attack allows full control of the Wi-Fi module as well as root access to the device’s embedded operating system. In total, dozens of vulnerabilities were found in the chipset. “There is currently very little security awareness for devices of these classes – neither among users nor among manufacturers who rely on units from other manufacturers in their supply chain without checking them. These components or products thus become immeasurable risks,” warns Florian Lukavsky of IoT Inspector. Therefore, manufacturers are urged to implement IoT supply chain security guidelines.
Regular corrections and updates are vital
Forrester’s current study, “IoT Security State – 2021”, also reaches this conclusion. After the hacking of corporate websites, attacks on IoT devices such as routers, IP cameras and many more ranked second among attacks. Complex debugging instructions in corporate networks and hard-to-reach hardware environments block timely protection. In the absence of a screen, the need is rarely noticed, unlike on a PC, where systems can report necessary patches and updates. According to Forrester, only 38 percent of security decision makers in companies worldwide have sufficient guidelines and tools for the correct management of IoT devices. “We discover new security vulnerabilities every day, most of them directly on behalf of the manufacturer. Thinking about IT security should include all devices embedded in networks, including regular checks and patches – and sometimes even patching is the source of a new vulnerability. Few affected companies react with speed and accuracy like Realtek. Now, however, manufacturers are also being asked to patch vulnerable Realtek components in their devices, and users are asked to check and update their devices if necessary,” sums up Florian Lukavsky of IoT Inspector.
About IoT Inspector:
IoT Inspector’s technology allows automatic firmware scanning of IoT devices for critical vulnerabilities with just a few mouse clicks. The integrated compliance auditor also detects violations of international compliance guidelines. Vulnerabilities to external attacks and security risks are identified in the shortest possible time and can be resolved in a targeted manner. The solution, easy to use via the web interface, exposes unknown security risks to IoT technology manufacturers and distributors. This is especially true for products manufactured by an OEM partner. Infrastructure providers, consulting firms, scientists and systems houses also benefit from the offer and can offer their clients added value. Universities and research institutions can use the entire platform for free with IoT Inspector Edu: https://www.iot-inspector.com/de/iot-inspector-edu-lehre-forschung/.
Original content by: IoT Inspector GmbH, transmitted by news aktuell