More devices are connected to the internet these days than ever before — and that’s not always a good thing. The so-called “internet of things” (IoT) makes it easy to control our devices remotely with our phones and by voice and integrates web services into ordinary appliances. Unfortunately, this makes it much easier for hackers to break in and wreak havoc.
It’s not unusual for devices to suffer security flaws. But because IoT devices use similar architecture so they can be compatible with one another, a flaw in one often affects devices across the board. Tap or click here to see the most recent security flaw affecting millions of IoT devices.
And now, yet another dangerous vulnerability has been discovered in IoT architecture used in hundreds of millions of gadgets. If you want to keep your home and network safe from exploitation, here’s what you need to know.
Ripple20 flaw allows for remote takeovers of IoT devices
A piece of software architecture developed in the late 90s and found in hundreds of millions of products was recently found to contain several critical security holes. If not addressed, these flaws can be exploited by hackers to allow remote takeovers of any IoT device connected to the web.
The issue is bad enough, in fact, that the Department of Homeland Security has given four of the flaws a 10 and 9.8 ranking out of 10 in terms of seriousness. This means they’re among the top cybersecurity flaws to pay attention to at the moment.
According to security researchers at JSOF, the flaw (dubbed “Ripple20”) affects a software library developed by Treck in 1997. This architecture is responsible for helping networked devices communicate with one another, and hundreds of millions of products still use this code for their operations today.
But if left unpatched, Ripple20 poses significant risks to both business-owners and normal end-users. The faulty communications settings leave openings for hackers to inject custom codes remotely, which can let them take over internet-connected devices. This brief video demonstration from JSOF shows you how it works:
As you can see, ordinary devices like printers can easily suffer the consequences of this security hole. This bears poorly for other smart devices, including web-connected medical devices that hospitals rely on. We all will need to be vigilant about keeping devices up to date to prevent any future exploits from taking place.
I use IoT devices at home. What can I do to protect myself?
At this point, staying on top of updates and patches will be essential to protecting your devices from harm. Although the biggest impact of the exploits may be felt in the corporate and industrial sectors, you are still at risk of running into trouble if you’re not careful.
For any device you have, take time to navigate to its settings menu and check if software or firmware updates are available. We’d recommend doing this on a weekly basis. Because the flaw affects so many different devices across multiple fields, few of them will have the exact same update process. You may need to consult your device instruction manual just to be sure.
Out of all your devices, however, your router requires the most attention in the face of this security hole. Since it’s the gateway to all your networked devices, it’s even more dangerous if a hacker manages to take control.
You can typically check for updates on a router by typing your router’s IP address into your browser’s address bar and logging in with your admin username and password. You’ll most likely find if updates are available in a section called “Advanced” or “Management.” Download any updates, and make sure to enable automatic updates if the option is available.
Most importantly, continue to be careful where you visit and what you download online. Sometimes, all it takes to get a hacker into your devices is a single misclick on a shady website or malicious email attachment.