Study: Smart Home Office Appliances Are Trojan Horses for Hackers

(I)IoT Security Report 2021 reveals massive weak points in home office security

Bad Homburg, May 18, 2021 — During the Corona pandemic, millions of jobs have been transferred to home offices. While only just under 4% worked from home before the crisis, a quarter of employees in Germany are now doing so. Numerous households use smart devices that are connected to the domestic network — routers, smart vacuum cleaners, media systems, lighting controls and smart locking systems. However, nine out of ten of these devices present blatant security vulnerabilities in their firmware, according to research by IoT security specialist IoT Inspector. For the “(I)IoT Security Report 2021” study, 260 companies from the IT industry were surveyed — 57% see these devices as a risk for hacker attacks on corporate networks. “These smart household and home devices are a Trojan horse that hackers can use to gain access to a household Wi-Fi relatively easily. This allows for connected computers to be attacked, and ultimately also for corporate networks that are accessed via VPN, for example,” explains Rainer M. Richter, Managing Director of IoT Inspector.

Home Office as the Key to Corporate Networks

While 57% of respondents consider a VPN connection to be secure, none of the 260 company representatives surveyed consider this form of encryption to be “very secure.” 30%, on the other hand, rank encryption as “less secure” or even “insecure.” “Accessing and infecting a computer on the local home network is the key to a corporate network. Once that has happened, rarely does anything in the standard corporate setup protect against attacks by ransomware or other malware,” analyzes Rainer M. Richter. With the IoT Inspector platform, his company enables the one-time or ongoing inspection of the firmware of such IoT devices for security vulnerabilities and possible gateways for cyber criminals. The gaps range from Wi-Fi keys that can be easily read in plain text to hidden administrator access in the firmware, which hackers can use to begin their misdeeds in a matter of minutes.


German Federal Office for Information Security (BSI) Warns of Vulnerabilities in Wi-Fi Routers

Security measures or guidelines for such gateways hardly exist in companies, and awareness of the risk is practically non-existent — 71% of company representatives are certain that traditional security mechanisms are no longer sufficient to cover risks from IoT devices. Likewise, 71% believe that measures to secure IoT devices are insufficient. 7% even rate them as “inadequate,” while only 12% of respondents consider the measures to be sufficient. The latest warnings issued by the German Federal Office for Information Security on May 11th underscore these assessments. The BSI issued an explicit level 3 warning — “the IT threat situation is business-critical.” The so-called “FragAttacks” vulnerabilities affect WLAN routers from almost all manufacturers.

About ONEKEY

ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.

 

CONTACT:

Sara Fortmann

Marketing Manager

sara.fortmann@onekey.com

 

euromarcom public relations GmbH

+49 611 973 150

team@euromarcom.de