SentinelOne Research Identifies IoT Vulnerabilities Enabling Remote Takeover and Network Intrusion
Barak Sternberg to Present Research Findings at DefCon after Working with Smart Device Provider HDL Automation on Vulnerability Patches
SentinelOne, the autonomous cybersecurity platform company, announced that Barak Sternberg, SentinelLabs security researcher, has identified four unique vulnerabilities in HDL Automation smart devices. The vulnerabilities exposed thousands of HDL devices to remote control by adversaries, leading to possible network intrusion, secret exfiltration, and even ransomware attacks. SentinelOne alerted HDL to the issues via the responsible disclosure process, and the vulnerabilities have been patched. Sternberg will present the findings at DefCon on Saturday, August 8 at 9AM PST, and the complete research will be available on the SentinelLabs blog.
Research from @SentinelOne identifies IoT vulnerabilities, enabling remote takeover and network intrusion.
IoT devices are ubiquitous in the home and the workplace, connecting lights, air conditioning, and even heat-sensors to home or corporate networks. IoT devices are also potential security weak points that attackers target to exploit internal network configurations, change arbitrary controllers, and cause software or hardware damage. With enterprises adding more and more connected devices to their networks, vulnerabilities like those outlined in SentinelLabs’ research are concerning as every connection to the enterprise network is a potential vulnerability.
“IoT can pose a significant threat to enterprise security because, while anything you connect to your network is a potential point of ingress, not everyone considers that IoT devices contain unintended vendor-created backdoors” said Sternberg. “Many organizations don’t design smart thermostats or refrigerators with security in mind. However, even mundane devices such as this can be open to attackers, making it critical to understand exactly how many devices you have connected to your network and to harden every endpoint.”