Insecure hardware is a massive issue for many parties. It affects not only the individuals and businesses that use computers in the home and office, but also the internet as a whole. This is an issue for the equipment and for the engineers responsible for developing it. The equipment owner could now have a compromised piece of equipment as one of their assets. This would be connected to the network and possibly to other systems in the business or home. The equipment may be used for its normal, intended purpose (e.g. payroll, accounts receivable, and other vital functions). It may also be used for nefarious purposes at the same time, unbeknownst to the owner.
This may sound, prima facie, a bit far-fetched, evoking the thought for the consumer of “This would not happen to me.” What would anyone want with an IP camera or router from a grandma in Nebraska? The focus would be potential unauthorized usage by the people who code bots to leverage the capabilities of these devices to attack other systems. These attacks have had the purpose of acquiring more IoT devices to build the bot army, which would then be directed at the attackers' target. In the last year there have been too many examples of this. There have been massive DDoS attacks on Krebs on Security and Deutsche Telekom, as two well-known examples. These and many more represent the significant DDoS attacks by Mirai and Persirai malware, among others.
The insecure equipment has turned into a potential malware tool that, when executed, is used against the attackers' targets. Consumers as a whole and the IT industry would hope this is a minor issue, not generally in use, and not affecting many units. Unfortunately, this is not the case. This continues to be an issue as more of these insecure assets are compromised and used as part of the bot army.
This issue is global in nature and effect. The scope is by no means limited to the US. The products, regardless of where they are made, are manufactured and sent across the globe, insecure and all. The remediation for this is relatively simple, but taxing in its application. The equipment needs to have more security features in place. Also, any default passwords should be required to be changed. These small steps would remove many of the security issues with this equipment.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.