SentinelOne, the autonomous cybersecurity platform company, today announced that Barak Sternberg, SentinelLabs security
researcher, has identified four unique vulnerabilities in HDL
Automation smart devices. The vulnerabilities exposed thousands of HDL
devices to remote control by adversaries, leading to possible network
intrusion, secret exfiltration, and even ransomware attacks. SentinelOne
alerted HDL to the issues via the responsible disclosure process, and
the vulnerabilities have been patched. Sternberg will present the
findings at DefCon on Saturday, August 8 at 9AM PST, and the complete research will be available on the SentinelLabs blog.

IoT
devices are ubiquitous in the home and the workplace, connecting
lights, air conditioning, and even heat-sensors to home or corporate
networks. IoT devices are also potential security weak points that
attackers target to exploit internal network configurations, change
arbitrary controllers, and cause software or hardware damage. With
enterprises adding more and more connected devices to their networks,
vulnerabilities like those outlined in SentinelLabs' research are
concerning as every connection to the enterprise network is a potential
vulnerability.

"IoT
can pose a significant threat to enterprise security because, while
anything you connect to your network is a potential point of ingress,
not everyone considers that IoT devices contain unintended
vendor-created backdoors," said Sternberg. "Many organizations don't
design smart thermostats or refrigerators with security in mind.
However, even mundane devices such as this can be open to attackers,
making it critical to understand exactly how many devices you have
connected to your network and to harden every endpoint."

SentinelLabs
identified two vulnerabilities that enabled account takeover: a flaw in
the "forgot your password" function and a takeover of the debug email
account. Two additional vulnerabilities relating to endpoint APIs were
also identified. Due to these flaws, SentinelLabs researchers were able
to compromise remote servers used as proxies for configuring smart
devices and worked with HDL Automation on patch solutions. If attackers
were simply interested in causing chaos, they could do physical damage
by raising the temperature in a server room, disabling security cameras,
or disabling sensors designed to detect leaks or voltage surges. The
four new-found IoT vulnerabilities highlight the sensitivity and cost of
IoT cyberattacks in impacting our digital way of life.