Several high-risk security vulnerabilities have been found in ConnectedIO’s ER2000 edge routers and the cloud-based management platform, raising questions about IoT security. Malicious actors could exploit these weaknesses to execute harmful code and access sensitive information. An analysis by Claroty’s Noam Moshe revealed that an attacker might use these vulnerabilities to entirely compromise the cloud infrastructure, execute code remotely, and leak customer and device details.
As the adoption of IoT devices continues to rise, concerns about the overall security and protection of user data in these devices are becoming increasingly important. Addressing these vulnerabilities, ConnectedIO has been urged by both researchers and cybersecurity experts to implement effective security measures and provide timely updates to ensure users are protected against potential threats.
“The vulnerabilities in 3G/4G routers could expose thousands of internal networks to serious threats. IoT hazards may allow bad actors to gain control, intercept traffic, and infiltrate Extended Internet of Things (XIoT) devices.” The issues affect ConnectedIO platform versions v2.1.0 and earlier, specifically the 4G ER2000 edge router and cloud services. Attackers could chain these vulnerabilities together to execute arbitrary code on cloud-based devices without needing direct access.
By exploiting these weaknesses, cybercriminals can easily bypass security measures and gain unauthorized access to sensitive information. Organizations and individuals must update their devices to the latest firmware version to mitigate the risks associated with these vulnerabilities.
Additional weaknesses were discovered in the communication protocol between the devices and the cloud, including using fixed authentication credentials. These can be exploited to register an unauthorized device and access MQTT messages containing device identifiers, Wi-Fi settings, SSIDs, and passwords from routers. Attackers gaining access to this information could potentially monitor or manipulate the devices, putting user privacy and security at risk.
A threat actor could impersonate any device using leaked IMEI numbers and force the execution of arbitrary commands published via specially designed MQTT messages through a bash command with the opcode “1116.” Consequently, this security vulnerability exposes a myriad of devices to potential cyberattacks, leading to unauthorized access, data breaches, and even full system control. It is essential for users and manufacturers to ensure their devices are updated with the latest software patches to mitigate such risks and enhance protection against these attacks.
Manufacturers need to address these vulnerabilities and implement robust security measures to protect both the communications between devices and the cloud and the information stored within these devices.
Featured Image Credit: Photo by Cottonbro Studio; Pexels; Thank you!