Ring Flaw Underscores Impact of IoT Vulnerabilities
upstart writes:
Submitted via IRC for soylent_lavender
Ring Flaw Underscores Impact of IoT Vulnerabilities
A vulnerability in Amazon's Ring Video Doorbell Pro IoT device could have allowed a nearby attacker to imitate a disconnected device and then sniff the credentials of the wireless networks when the owner reconfigured the device, according to a report issued by security firm Bitdefender.
The issue, which was fixed by Amazon in September, underscores the impact of a single insecure Internet-of-Things device on the organization in which it is deployed. While the vulnerability may only occur in a single network device, the result of the flaw could be leaked information - the wireless network password, for example - which would have far more serious repercussions.
"IoT is a security disaster, any way you look at it," says Alexandru Balan, Bitdefender's chief security researcher. "Security is not the strong suit of IoT vendors - only rarely, do we see vendors who take security seriously."
The discovery of a serious vulnerability in a popular IoT product comes as businesses and consumers increasingly worry about the impact that such devices may have on their own security. Only about half of security teams have a response plan in place to deal with attacks on connected devices, according to recent report from Neustar. Even critical-infrastructure firms, such as utilities that have to deal with connected operational technology, a widespread class of Internet-of-Things devices, are ill-prepared to deal with vulnerabilities and attacks, the report says.
Vulnerabilities in IoT devices can have serious repercussions. In July, a team of researchers found widespread flaws in the networking software deployed in as many as 200 million embedded devices and found millions more that could be impacted by a variant of the issue in other real-time operating systems.
The issue with Amazon Ring is not as serious but it is a reminder that vulnerabilities can still be easily found in the devices by attackers paying attention, says Balan. "We tend to look at the popular devices, and those tend to have better security than the less popular devices,"
Read more of this story at SoylentNews.