{"id":9875,"date":"2020-08-15T10:48:33","date_gmt":"2020-08-15T06:48:33","guid":{"rendered":"https:\/\/techxmedia.com\/?p=9875"},"modified":"2025-04-18T00:21:37","modified_gmt":"2025-04-17T20:21:37","slug":"sentinelone-discovers-iot-vulnerabilities-leading-network-intrusion","status":"publish","type":"post","link":"https:\/\/techxmedia.com\/en\/sentinelone-discovers-iot-vulnerabilities-leading-network-intrusion\/","title":{"rendered":"SentinelOne discovers IoT vulnerabilities leading to network intrusion"},"content":{"rendered":"\n<p>SentinelOne reported that Barak Sternberg, a security researcher at SentinelLabs, has identified four distinct vulnerabilities in HDL Automation smart devices. The vulnerabilities exposed thousands of HDL devices to remote control by adversaries, leading to possible network intrusion, secret exfiltration, and even ransomware attacks. SentinelOne alerted HDL to the issues via the responsible disclosure process, and the vulnerabilities have been patched.<\/p>\n\n\n\n<p>IoT devices are ubiquitous in the home and the workplace, connecting lights, air conditioning, and even heat sensors to home or corporate networks. <a href=\"https:\/\/techxmedia.com\/tag\/iot-devices\/\">IoT devices<\/a> are also potential security weak points allowing attackers to bypass internal network configurations, change arbitrary controllers, and cause software or hardware damage. 
With enterprises adding more and more connected devices to their networks, vulnerabilities like those outlined in SentinelLabs\u2019 research are concerning as every connection to the enterprise network is a potential vulnerability.<\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile\" style=\"grid-template-columns:24% auto\"><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" decoding=\"async\" width=\"200\" height=\"200\" src=\"https:\/\/techxmedia.com\/wp-content\/uploads\/2020\/08\/Barak-Sternberg-inside.jpg\" alt=\"Barak-Sternberg---inside-SentinelOne-techxmedia\" class=\"wp-image-9884\" srcset=\"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2020\/08\/Barak-Sternberg-inside.jpg 200w, https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2020\/08\/Barak-Sternberg-inside-150x150.jpg 150w\" sizes=\"auto, (max-width: 200px) 100vw, 200px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p>\u201cIoT can pose a significant threat to enterprise security because, while anything you connect to your network is a potential point of ingress, not everyone considers that <a href=\"https:\/\/techxmedia.com\/tag\/iot-devices\/\">IoT devices<\/a> contain unintended vendor-created backdoors,\u201d said Sternberg. \u201cMany organizations don\u2019t design smart thermostats or refrigerators with security in mind. However, even mundane devices such as this can be open to attackers, making it critical to understand exactly how many devices you have connected to your network and to harden every endpoint.\u201d<\/p>\n<\/div><\/div>\n\n\n\n<p>SentinelLabs identified two vulnerabilities that enabled account takeover: a flaw in the \u201cforgot your password\u201d function and a takeover of the debug email account. Two additional vulnerabilities relating to endpoint <a href=\"https:\/\/techxmedia.com\/tag\/api\/\">APIs<\/a> were also identified. 
Due to these flaws, SentinelLabs researchers were able to compromise remote servers used as proxies for configuring smart devices and worked with HDL Automation on patch solutions. If attackers were simply interested in causing chaos, they could do physical damage by raising the temperature in a server room, disabling security cameras, or disabling sensors designed to detect leaks or voltage surges. The four new-found IoT vulnerabilities highlight the sensitivity and cost of IoT cyberattacks in impacting our digital way of life.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>IoT devices are potential security weak points allowing attackers to bypass internal network configurations, change arbitrary controllers, and cause software or hardware damage.<\/p>\n","protected":false},"author":8,"featured_media":9885,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[9621,149],"tags":[1391,2730,2027,2578],"contributor":[],"class_list":["post-9875","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emerging-technologies","category-networking","tag-api","tag-hdl","tag-iot-devices","tag-sentinelone"],"featured_image_src":"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2020\/08\/iot_security-100675572-large-featured.jpg","author_info":{"display_name":"News 
Desk","author_link":"https:\/\/techxmedia.com\/en\/author\/rabab\/"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/9875","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/comments?post=9875"}],"version-history":[{"count":0,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/9875\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media\/9885"}],"wp:attachment":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media?parent=9875"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/categories?post=9875"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/tags?post=9875"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/contributor?post=9875"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}