On the security of IoT devices

According to Cisco’s Annual Internet Report, nearly two-thirds of the global population will have Internet access by 2023. The number of devices connected to IP networks will be more than three times the number of people in the world. The consumer segment will have a nearly three-fourths share of total devices and connections. Moreover, IoT devices will account for 50 percent of all networked devices, and about a third will be wireless.
On the other hand, there has been a rise in the number of people working remotely due to the global pandemic during the last years. Because of this, the security of a company’s network can also depend on the security of the home network of its employees. However, home networks are far from hardened, and most consumer internet-connected devices have a reputation for being vulnerable.
After reflecting on these observations, Faraday’s research team has embarked on a new mission to find and report security vulnerabilities in IoT devices. We invite you to read the first in a series of posts that will discuss the vulnerabilities we find and the techniques and lessons learned along the way: Bypassing password protection and getting a shell through UART in NEC Aterm WR8165N Wi-Fi router. We opted to share our insights since it’s in our best interest to boost the knowledge of the community about these devices’ inner workings to facilitate vulnerability discovery and, in consequence, make this ecosystem more secure.
Check out the first part👇
Sources:
Are you interested in our products? Check out our free version, right here. ⚡🚀
Related Posts
March 23, 2023
Yara rule and some python scripts for detection and sanitization of Acropalypse (CVE-2023-21036) affected PNG images
We have just released a YARA to detect vulnerable images of Acropalypse in scale. We also added a sanitization script to remove extra…
March 16, 2023
Automating Security Tasks with Faraday
In this second part (part one), we will show a step by step of a security analysis having in mind a basic methodology: - Perform a passive…
March 1, 2023
DevSecOps: a thread
Let's talk about security into the software development lifecycle. DevSecOPS elp you identify and mitigate security risks early in the…