IDCA News


7 Jul 2022


In the IoT, firmware is an often overlooked security risk

Researchers have warned of the security risks associated with Internet of Things devices in many reports. They frequently cite issues such as hardcoded administrator credentials or the lack of a mandatory procedure for changing administrator passwords. New research by German security firm OneKey shows that IT departments and security professionals tend to overlook the serious security issues that many IoT devices carry because of their many firmware versions.

According to the company, this is especially true for IoT devices and facilities in the health sector (47 percent), critical infrastructure (45 percent), and manufacturing (39 percent). The 'IoT Security Report 2022' surveyed more than 300 senior-level company representatives.

While all sectors of industry are vulnerable, cybersecurity is still considered in silos. Each device and system in the IoT sector has its own firmware, which poses a particular risk. The lack of guidelines and binding specifications in this area has led to manufacturers placing little emphasis on seamless security against attacks.

In the report, the company's researchers also discuss the increasing liability of managers. Management will be held directly liable for IT security omissions in the very near future, according to Jan Wendenburg, CEO of OneKey. VDE (the German Association for Electrical, Electronic & Information Technologies) made this very clear at the Hannover Fair earlier this year. Members of VDE buy a large number of IoT devices for use in factories and other applications. It is the trade organization's position that every component of an IT system - especially the software - must be completely verifiable and traceable. Automated analysis platforms are clearly needed for all IoT devices and facilities with a network connection, but especially for intelligent control systems in manufacturing, medical technology, critical infrastructures, and other industries, says VDE.

The OneKey report shows that the company representatives surveyed agree that the security manufacturers provide for IoT systems is of low quality. A mere 12 percent of respondents deem the measures taken to prevent hacking to be adequate, while 54 percent view them as partially adequate. A further 24 percent consider the off-the-shelf security measures insufficient, and 5 percent find them completely inadequate.

Photo credit: Simon Kadula
