Vectra Networks Reveals Vulnerabilities in IoT Devices


The full potential of the Internet of Things (IoT) is still not very clear, but one thing it will do for sure is connect more things and make them smarter. The always connected nature of this technology means it could potentially be accessed at any given time. Therefore, the announcement by Vectra Networks about the vulnerabilities in IoT devices creating hidden backdoors for persistent attacks is not a big surprise to industry insiders, or even consumers for that matter.

A survey conducted by Auth0 in November of 2015 revealed just as much, with 52 percent of consumers stating most IoT devices in the market don’t have the necessary security in place as of  right now. The number almost doubles when developers were asked the same security question, with nine in 10 or Ninety percent coming to the same conclusion.

The backdoor gateways were discovered by Vectra Threat Labs on a popular security Wi-Fi cameras. The lab, which is a research arm of Vectra Networks brings together its expertise in security research and data science to identify anomalies in networks and find out the cause or causes for the observed behavior.

The company said, devices such as Wi-Fi security web cameras can be hacked and reprogrammed to service as permanent backdoors. Once the backdoors have been established, the hackers can launch attacks without being detected using traditional security products.

“Consumer-grade IoT products can be easily manipulated by an attacker, used to steal an organization’s private information, and go undetected by traditional security solutions,” said Gunter Ollmann, CSO of Vectra Networks.

The reason IoT devices are vulnerable is because they are low in value, as it relates to cost. The low cost and other considerations has resulted in manufacturers and developers limiting the security protocols to protect the devices. Hackers are aware of these targets, and they have now made IoT devices one of the vectors for breaching networks. It is much easier hacking into a device that doesn’t have the processing power or memory to run antivirus or other security software.

The experiment by Vectra Threat Labs was carried out on a D-Link Wi-Fi camera that was purchased for around $30. The researchers then programmed the camera to act as a network backdoor without disrupting its operation as a camera successfully. Once Vectra found out about the vulnerability, it informed D-Link in early December 2015. However, a solution hasn’t been found or disclosed as of Jan. 7, 2016, this according to Vectra.

Ollman points out, “Most organizations don’t necessarily think of these devices as miniature computers, but essentially they are in that they can still give attackers access to sensitive company information, particularly because they are connected to the corporate network.” And until everyone realizes the connected IoT devices are just as valuable as other digital assets connected to the organization’s network, they will be exploited by hackers in greater numbers as the deployments increase.

Edited by Ken Briodagh

Contributing Writer

Related Articles

Human Factors & Trust Fabrics: Building Confidence & Resilience Across Connected Systems

By: Arti Loftus    4/12/2021

As investment in industrial innovation grows, the importance of blending the physical and digital worlds to improve outcomes, control costs, and creat…

Read More

Everything Appears To Be Connected, But Can It All Communicate?

By: Special Guest    4/12/2021

The next evolution in mapping technology, Digital Space Management (DSM), is being developed with the use of digital twins, location intelligence and …

Read More

As Economic Recovery Dollars Are Designated for Infrastructure Improvements in the U.S., Smart City Works Labs Establishes a Venture Studio in D.C. with Rocket Wagon Venture Studios

By: Arti Loftus    4/9/2021

The Biden Administration's economic advisers are working with the U.S. Congress and business community to develop a $3 trillion package to boost the e…

Read More

Combining Industrial IoT, Blockchain and Smart Contracts, Advanced ESG Software Makes Carbon Reduction Programs Measurable

By: Andrew Athanasian    4/8/2021

In an increasingly modern and environmentally aware society, the impacts of businesses and individuals on the environment have become of paramount imp…

Read More

Navigating 2G/3G Sunsets and Exploring New Technology

By: TMCnet Staff    4/8/2021

Join us for a live webinar on Navigating 2G/3G Sunsets and Exploring New Technology on Wednesday, April 14, 2021 - 10:00am ET/ 3:00pm GMT.

Read More