The Internet of Things (IoT), where more and more devices connect to the internet is a large security threat, according to researchers of the French EURECOM and the German Ruhr University. Almost 25% of the devices for consumers isn’t properly secured. Either there are issues in the firmware or the web portal that provides access to the device isn’t properly protected against threats.
(Credits Wilgengebroed Creative Commons 2.0)
The researchers investigated firmware of routers, modems, VOIP phones, network camera’s and other IoT devices that can be managed over the internet. By trying to modify the firmware with malicious software updates and by attacking the web portals of devices they found many vulnerabilities. They created an automated test framework that allowed them to conduct a large number of tests.
In total 1925 firmware images were investigated of 54 different manufacturers. In these the researchers found 9,200 vulnerabilities in 185 firmware images. Although only 8% of the firmwares contained PHP code in the web portal they found 5,000 XSS (cross-site scripting) leaks in 143 firmware images.
The report confirms earlier reports of the insecurity of IoT devices. Some antivirus vendors already work on software that should protect the home network against IoT vulnerabilities.