When firmware vulnerabilities hit home
Anyone who reads my articles is certainly aware of how I feel about the potential issues with Internet of Things (IoT) devices, and importance of staying on top of firmware and software updates. I frequently get frustrated by the fact that when I speak to people directly on this topic, I most often get blank stares. The idea of a firmware vulnerability is a foreign concept to many. Others have so many things to worry about, that they don't see vulnerabilities and updates as a critical use of their time. As such, I continue to struggle with how to communicate the importance of this topic.
I recently began listening to the Down the Security Rabbit Hole podcast. This is a weekly program by and for we die-hard security folks. I confess to a bit of reluctance in admitting this, given that people will see me for the nerd I really am. In any event, i was listening to episode 170 during a hike last week. The episode consisted of a round table discussion of various security topics, with a variety of guests. One of the participants, Holly Miller, who I believe is a student, expressed the danger of unmanaged IoT devices in a way that really hits home. While it was hard to write down the exact quote while standing on the side of a hill, she asked if people really wanted to run their baby monitor on a router that had not been updated since they day they bought it. When I heard this, I yelled YES (glad no other hikers were around). Holly had expressed easily what I have struggled to communicate.
We all buy various network-connected devices for our homes and offices. Most of us install them, and forgot them. As I will point out in an upcoming video, while we forgot them, hackers do not. They are working night a day to find new vulnerabilities they can use to cause trouble and steal data. This is a bad enough issue with day 0 vulnerabilities (newly discovered bugs previously unknown), but is much worse with a router that has not been updated for two years, given that it is subject to every vulnerability discovered during that period.
So, I will remind everyone again of what I have said so many times -- If your router, firewall, access point, etc. is more than 1.5 years old, it might be easier to just trash it and start over. If it is newer, check for and apply updates. Once your equipment is up-to-date, watch for new updates for each, and apply them as they are released. If you don't see an update for some time, you should be suspicious that they are no longer supporting that model.
I am sorry to add yet another responsibility to your growing to do list, but failure to keep your devices current could put your business, or your family, in jeopardy.