News & Comment: A new low has been achieved in the ease of hacking IoT devices

Off Cyber Policy in the News,

Ankit Anubhav on Twitter

Ankit Anubhav on Twitter

A new low has been achieved in the ease of hacking IoT devices. One does not even need to connect to the Dahua devices to get the credentials (thread) (1/n) #iot #infosec

Read Twitter Post

COMMENT:

According to Sean Newman, Director Product Management, Corero Network Security,

“Reports of passwords for thousands of public Internet-facing DVRs being exposed by the ZoomEye search engine, further highlight how connected device vulnerabilities can go unpatched for many years.  In this case, a vulnerability from 2013 is being openly leveraged to extract admin passwords for the systems. This highlights one of the key issues with IoT security where, even though the vendor had actually fixed the vulnerability, the owners of the devices still haven’t got around to, or been able to, upgrade them.

“While this behaviour continues, there remains no end in sight for IoT devices being acquired for various nefarious activities including use in botnets for launching DDoS and other large-scale criminal campaigns.”

About The Author

Hugh Taylor is a Certified Information Security Manager (CISM). In addition to editing Journal of Cyber Policy, he writes about cybersecurity, compliance and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google and Advanced Micro Devices. Prior to launching his freelance writing career, he served in executive roles at Microsoft, IBM and several venture-backed technology startups.

Privacy Policy