Extended EU RED directive enforces higher IoT security by 2024

80 percent of cyberattacks are directed against wireless devices 

Bad Homburg, Germany, November 9th, 2021 – The Internet of Things, in particular all wireless smart devices, poses one of the greatest risks in information technology. By introducing new security requirements, the EU Commission is now significantly raising the bar for manufacturers and distributors of such devices – to protect businesses and consumers. The new extension to the RED (Radio Equipment Directive 2014/53/EU) covers all devices approved for sale in the EU and is set to come into force across the EU from 2024. “We welcome the EU’s initiative. During investigations in our lab, we often find serious weaknesses in almost all wireless devices. These range from routers to tablets, IP cameras, smart speakers, baby monitors to smart devices in corporate networks. Hackers can often easily gain access to the local network, sensitive data and servers via these devices,” states Jan Wendenburg, CEO of IT security company IoT Inspector. In addition to their own test lab, the security experts also operate Europe’s largest platform for automated firmware verification of IoT devices, which automatically and reliably detects security risks and compliance violations. However, according to Wendenburg, the insufficient specification of the newly amended directive is problematic and makes implementation difficult, even though it will soon be binding for all manufacturers.

Hundreds of thousands of vulnerabilities are already in circulation 

“Routers and numerous other IoT devices are in use for up to ten years in corporate networks, and often even longer in private households. The lack of obligation so far to provide more security via firmware updates is an incalculable risk,” says Jan Wendenburg of IoT Inspector. Only recently, IoT Inspector uncovered severe security vulnerabilities in components from Realtek and Broadcom, which could easily spread to hundreds of thousands of devices from up to 65 renowned manufacturers, due to a lack of transparency in supply chain and product development processes. Affected devices include routers, IP cameras, smart lighting controls, and many other products that are in use in businesses and homes around the world. A security audit therefore needs to take place as early as product development, to identify and address potential vulnerabilities before market launch. IoT Inspector’s platform provides product manufacturers and integrators with a proven automated security analysis solution that automatically monitors IoT firmware throughout the entire product lifecycle. Integrating IoT Inspector into the product development process reduces costs, resources, development time, and project risks.

Rapid response required 

The EU Commission has revealed that 80 percent of cyberattacks already target wireless devices, making them a popular gateway for further damage to networks. Cyber threats are rapidly evolving, with attackers’ technologies becoming increasingly complex and adaptable. “Cybercrime has long since evolved from the work of a few hackers to a veritable business model for criminal organizations. It is hard to estimate how the threat situation will develop in the coming months,” warns Jan Wendenburg. In its new IT security report, the German Federal Office for Information Security (BSI) assesses the current situation as “tense to critical,” with some areas already on red alert. The increase has been disproportionate, especially in the last two years. Therefore, effective monitoring bodies, such as testing and certification organizations, need to be empowered quickly to bring about corrective measures that improve IoT security, based on real results and analyses.