IoT is Gotham and There’s a New Villain in Town
It is a duty for every good citizen of Gotham City to collect an inventory of all IoT devices. You’d be surprised at how many are out there that you either forgot about or didn’t know were IoT.
Like the infamous comic series Batman, there’s a new villain in Gotham. But this time, Gotham is your company’s security system, access card reader, or even your medical and/or manufacturing devices. A new threat to internet connected devices (or IoT devices) is rapidly emerging. Her name? Devil’s Ivy and she’s far worse than her cousin Poison Ivy.
She’s a vulnerability lurking behind a variety of IoT devices recently discovered by an Internet of Things focused security company. According to a recent article from Wired, the internet-of-things-focused security firm Senrio revealed Devil’s Ivy is a vulnerability in a piece of code used broadly in a variety of security products. The code? gSOAP. This vulnerability can allow hackers to fully disable or take over (dun dun dun) thousands of models of internet-connected devices from security cameras, to access card readers … really anything connected to the internet. It will be a cold, dark day in Gotham should this ever happen.
The reality is, security threats of IoT grow from more than just fear of hackers lurking behind every website, every download… really every corner of the internet. It’s more than adding a bunch of monsters to Rogues Gallery. In the world of IoT, loads of different vendors run the same third-party code across a range of products. So that new Alexa you just bought on Prime Day and connected to a dozen of different devices, could be your next threat.
As of now, what we know is that 34 companies use the hackable flawed code in their IoT products and the ability to breach these devices will depend on most of all on how widely it is being patched.
So how do we stop this IoT take over?
First and foremost, collect an inventory of all IoT devices. You’d be surprised at how many are out there that you either forgot about or didn’t know were IoT.
If your company has IoT devices, treat them like they are a PC. Make sure you have a regular patching routine.
Finally, ensure there are preventative security measures put in place to make sure communication from the device to the cloud is secure.
And if a breach does occur, make sure you have a plan to remediate and recover any lost data.
Security is at the heart of everything we do. If you need help taking preventative steps to ensure security with your IoT devices we can help from a penetration test to a full security plan. If you’re interested in chatting, give us a call 216-255-3040.