Nepal | January 16, 2021

Millions of smart devices vulnerable to hacking: research

ASSOCIATED PRESS
Share Now:

BOSTON: Researchers at a cybersecurity firm say they have identified vulnerabilities in software widely used by millions of connected devices — flaws that could be exploited by hackers to penetrate business and home computer networks and disrupt them.

There is no evidence of any intrusions that made use of these vulnerabilities. But their existence in data-communications software central to internet-connected devices prompted the U.S. Cybersecurity and Infrastructure Security Agency to flag the issue in an advisory.

Potentially affected devices from an estimated 150 manufacturers range from networked thermometers to “smart” plugs and printers to office routers and healthcare appliances to components of industrial control systems, the cybersecurity firm Forescout Technologies said in a report released Tuesday. Most affected are consumer devices including remote-controlled temperature sensors and cameras, it said.

In the worst case, control systems that drive “critical services to society” such as water, power and automated building management could be crippled, said Awais Rashid, a computer scientist at Bristol University in Britain who reviewed the Forescout findings.

In its advisory, CISA recommended defensive measures to minimize the risk of hacking. In particular, it said industrial control systems should not be accessible from the internet and should be isolated from corporate networks.

The discovery highlights the dangers that cybersecurity experts often find in internet-linked appliances designed without much attention to security. Sloppy programming by developers is the main issue in this case, Rashid said.

Addressing the problems, estimated to afflict millions of devices, is particularly complicated because they reside in so-called open-source software, code freely distributed for use and further modification. In this case, the issue involves fundamental internet software that manages communications via a technology called TCP/IP.

Fixing the vulnerabilities in impacted devices is particularly complicated because open-source software isn’t owned by anyone, said Elisa Costante, Forescout’s vice president of research. Such code is often maintained by volunteers. Some of the vulnerable TCP/IP code is two decades old; some of it is no longer supported, Costante added.

It is up to the device manufacturers themselves to patch the flaws and some may not bother given the time and expense required, she said. Some of the compromised code is embedded in a component from a supplier — and if no one documented that, no one may even know it’s there.

“The biggest challenge comes in finding out what you’ve got,” Rashid said.

If unfixed, the vulnerabilities could leave corporate networks open to crippling denial-of-service attacks, ransomware delivery or malware that hijacks devices and enlists them in zombie botnets, the researchers said. With so many people working from home during the pandemic, home networks could be compromised and used as channels into corporate networks through remote-access connections.

Forescout notified as many vendors as it could about the vulnerabilities, which it dubbed AMNESIA:33. But it was impossible to identify all affected devices, Costante said. The company also alerted U.S., German and Japanese computer security authorities, she said.

The company discovered the vulnerabilities in what it called the largest study ever on the security of TCP/IP software, a year-long effort it called Project Memoria.


Follow The Himalayan Times on Twitter and Facebook

Recommended Stories:

More from The Himalayan Times:

First Arab Ama Dablam Expedition makes successful attempt on Thursday

KATHMANDU: A team from Seven Summit Treks ‘First Arab Ama Dablam Expedition’ comprising Qatari climber Fahad Badar, Sherief Elabd from Eygpt and Nadhira Al Harthy from Oman have attempted Mt Ama Dablam (6812 m) on January 14. The winter ascent to Ama dablam consisted of at least 14 climbers w Read More...

Biden unveils $1.9T plan to stem COVID-19 and steady economy

WILMINGTON, DELAWARE: President-elect Joe Biden unveiled a $1.9 trillion coronavirus plan Thursday to end “a crisis of deep human suffering” by speeding up vaccines and pumping out financial help to those struggling with the pandemic’s prolonged economic fallout. Called the “American Read More...

Mobile data users abandoning Ncell for NT

KATHMANDU, JANUARY 14 Mobile data users in the country are increasingly abandoning Ncell and subscribing state-owned Nepal Telecom. At least that is what the data compiled by Nepal Telecommunications Authority reveals. According to the Management Information System of NTA, 60 per cent of the t Read More...

Rival NCP factions hold standing committee meetings

KATHMANDU, JANUARY 14 Nepal Communist Party (NCP) led by Pushpa Kamal Dahal and Madhav Kumar Nepal held its Standing Committee meeting and discussed ways to effectively carry out its protest programme against dissolution of the House of Representatives. NCP (Dahal-Nepal) Spokesperson Naryan Ka Read More...

Security personnel of Khotang District Police Office destroy cannabis planted illegally by the locals in Durchim VDC of Khotang district on Monday, December 21, 2015. Photo: RSS

Cops intensify drive to destroy cannabis, opium plants

KATHMANDU, JANUARY 14 Nepal Police destroyed cannabis and opium plants cultivated in a large swathe of land across the country in the fiscal year 2019-20, according to an annual report recently released by the Ministry of Home Affairs. According to the report, cannabis plants being cultivated Read More...

WHO supports member countries to end COVID-19 pandemic

KATHMANDU, JANUARY 14 Member countries in the World Health Organisation South-East Asia Region are gearing up for massive vaccination campaigns in a bid to end the COVID-19 pandemic. The WHO South-East Asia Region has 11 member countries — Bangladesh, Bhutan, Democratic People’s Republic o Read More...

Bhattarai calls for decisive agitation

DAMAULI, JANUARY 14 Janata Samaj Party-Nepal Federal Council Chairperson Baburam Bhattarai has stressed the need of a decisive struggle to protect democracy and the constitution. Accusing Prime Minister KP Sharma Oli of putting the constitution and democracy at risk by dissolving the Parliamen Read More...

Locals protest East-West Railway survey

BARA, JANUARY 14 The locals have protested a survey of the East-West Railway in Bara. The locals were up in arms after a survey was done affecting the main settlement in the bazaar area of Nijgadh Municipality. According to the survey team Incharge Suraj Poudel, the locals impeded the d Read More...