720-891-1663

Return to list of client alerts

IoT Vulnerability Could Get You Killed

Some Internet of Things (IoT) bugs might stop you from turning on your washing machine remotely or reveal that your refrigerator is low on milk to a stranger. Other, more serious IoT bugs might allow a hacker to view your security camera feed or even unlock your door.

This bug could get you killed.

People love IoT devices but, for the most part, they don’t understand the risks they represent, so there is no way that they can weigh those risks.

And, they figure if something bad happens, it will happen to someone else. A lot of the time, that is true. Until it is not.

Enough with the tease.

Bitsight Security has identified sis flaws in the GPS tracker MV720 made in China by the Chinese company MiCODUS.

The trackers are mostly used in fleet vehicles.

The company says that 1.5 million of its trackers are currently in use by 420,000 customers in 169 countries. There is something wrong with one of these numbers because if you do the math, it says that the average customer uses 3 or 4 trackers, which is not much of a fleet. That is really a side note though. Users include Fortune 50 companies, government and even the military.

Bitsight says that the vulnerabilities can be easily exploited to remotely track a vehicle in real time. While this is bad for either security or safety reasons, this is not my biggest concern. While they identified bugs in this one model, likely they exist in other models too.

My biggest concern is that they can control the engine. An example is cutting the engine, say while you are on the highway in heavy traffic, going 70 miles an hour with a tractor-trailer behind you. You can figure out what might happen.

But what else could it do? Could it, for example control the brakes? We saw that is possible in a 60 Minutes piece a few years ago. Or control the steering?

Bitsight recommends the devices, which are hardwired in, be immediately disabled.

But this is really part of a bigger picture.

Are you considering the risks of consumer IoT devices, business IoT devices or Industrial IoT devices BEFORE you install them? The risk is likely to only get worse before it gets better.

Credit: Hackread

If you need help with securing IoT devices, please contact us.