ConnectedIO’s ER2000 edge routers and cloud-based management platform have been found to have several high-risk security vulnerabilities, raising concerns about IoT security. These weaknesses could potentially allow malicious actors to execute harmful code and access sensitive information. According to an analysis by Claroty’s Noam Moshe, these vulnerabilities could enable an attacker to compromise the cloud infrastructure, execute remote code, and leak customer and device details.
As the use of IoT devices continues to grow, the security and protection of user data in these devices become increasingly critical. Both researchers and cybersecurity experts are calling on ConnectedIO to implement effective security measures and provide timely updates to protect users against potential threats.
“The vulnerabilities in 3G/4G routers could expose thousands of internal networks to serious threats. IoT hazards may allow bad actors to gain control, intercept traffic, and infiltrate Extended Internet of Things (XIoT) devices.” The issues affect ConnectedIO platform versions v2.1.0 and earlier, specifically the 4G ER2000 edge router and cloud services. Attackers could chain these vulnerabilities together to execute arbitrary code on cloud-based devices without requiring direct access.
By exploiting these weaknesses, cybercriminals can bypass security measures and gain unauthorized access to sensitive information. It is essential for organizations and individuals to update their devices to the latest firmware version to mitigate the risks associated with these vulnerabilities.
Additional vulnerabilities were found in the communication protocol between the devices and the cloud, including the use of fixed authentication credentials. These vulnerabilities could be exploited to register an unauthorized device and access MQTT messages containing device identifiers, Wi-Fi settings, SSIDs, and passwords from routers. Attackers gaining access to this information could potentially monitor or manipulate the devices, posing risks to user privacy and security.
A threat actor could impersonate any device using leaked IMEI numbers and force the execution of arbitrary commands published via specially designed MQTT messages through a bash command with the opcode “1116.” Consequently, this security vulnerability exposes a myriad of devices to potential cyberattacks, leading to unauthorized access, data breaches, and even full system control. Users and manufacturers need to ensure their devices are updated with the latest software patches to mitigate such risks and enhance protection against these attacks.
Manufacturers need to address these vulnerabilities and implement robust security measures to protect both the communications between devices and the cloud and the information stored within these devices.
Featured Image Credit: Photo by Cottonbro Studio; Pexels; Thank you!
