A new vulnerability targets Thales, a leading maker of IoT components. Learn how the X-Force Red team identified the security flaw and best practices for addressing the risk.
Society relies so heavily on technology that the number of internet connected devices used globally is predicted to grow to 55.9 billion by 2025. Many of these devices span parts of Industrial Control Systems (ICS) that impact the physical world, assist us in our daily lives at home and monitor and automate everything from energy usage to machine maintenance at work. The potential to abuse these systems has already caught the eye of cybercriminals; according to the 2020 IBM X-Force Threat Intelligence Index, attacks against these systems increased over 2000% since 2018.
As part of their ongoing research, IBM’s team of hackers, X-Force Red, have discovered a new IoT vulnerability that can be exploited remotely. The manufacturer, Thales, has made a patch available for CVE-2020-15858 to customers since February 2020 and X-Force Red has been working together to ensure users are aware of the patch and taking steps to secure their systems.
Of the billions of smart devices in use today, Thales is one of leading makers of components that enable them to connect to the internet, securely store information and verify identities. Thales’ entire portfolio connects more than 3 billion things every year and more than 30,000 organizations rely on its solutions for everything from smart energy meters to medical monitoring devices and cars.
Source: New Vulnerability Could Put IoT Devices at Risk
How dangerous are IOT devices? | Yuval Elovici | TEDxBGU
httpv://www.youtube.com/watch?v=vgoX_m6Mkko
The IoT Architect’s Guide to Attainable Security and Privacy
Download a Security Risk Assessment Steps paper!
Security Risk assessment Quiz – Find Out How Your security risk assessment Stands Up!
DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles
Subscribe to DISC InfoSec blog by Email
👉Â Download a Virtual CISO (#vCISO) and Security Advisory Fact Sheet & Cybersecurity Cheat Sheet