Critical Security Vulnerability Exposes Millions of IoT Devices

IoT technologies have introduced new ways for devices to connect to one another and provide helpful functions in everyday living. However, there’s a drawback. In the case of IoT, that drawback is serious enough that some cybersecurity professionals advise steering away from these technologies altogether, at least until the data protections of such devices can be considerably improved.

Recently, a technology that comes bundled with several IoT devices was found to carry alarming security flaws, leaving those devices open to credential theft, remote compromise, and eavesdropping. The software in question, iLnkP2P, was developed to enable remote connections without requiring firewall configuration.

With iLnkP2P, users can simply enter or scan a six-digit ID to maintain a connection with an IoT device outside of the home network. The software handles the necessary communications linkage. However, without requiring any authentication or encrypting data, the software leaves gaping holes in defense, which hackers can use to bypass firewalls and breach networks.

There are approximately two million IoT devices using iLnkP2P across the world. The largest percentage of them (39%) are in China, while 7% are in the U.S. and 19% in Europe. Security cameras, baby monitors, and smart doorbells are some of the devices that include the software.

If you are wondering whether your IoT devices are among those with vulnerabilities, it’s fairly simple to identify whether they’re using iLnkP2P software. A serial number, known as the UID, will be printed on the device, often in combination with a prefix. The format will appear as follows: AAAA-123456-ABCDE. You can also check the website for a list of manufacturers incorporating the technologies and the prefixes they use on their devices.

If you’re using vulnerable devices at home or on your organization’s network, the best defense is to switch to a reputable device that does not use the iLnkP2P software. If that’s impracticable, blocking outgoing traffic on UDP port 32100 will work around the security flaw.
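To find out which devices on a network are actually trying to use that port, before or after the block is in place, a gateway's firewall log can be searched for outbound UDP traffic to port 32100. The following is an added example, not taken from the article or from any vendor; it assumes abbreviated log lines in the Linux netfilter LOG format, an RFC 1918 LAN, and constructed sample addresses and log prefixes.

```python
import ipaddress
import re
from collections import defaultdict

ILNKP2P_PORT = 32100  # UDP port named in the article

# Assumption: the internal network uses RFC 1918 address space.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed, abbreviated sample lines in netfilter LOG format (not real traffic).
SAMPLE_LOG = """\
May  2 10:01:07 gw kernel: P2P-OUT IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=UDP SPT=20412 DPT=32100 LEN=28
May  2 10:01:09 gw kernel: P2P-OUT IN=br0 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.9 PROTO=UDP SPT=20412 DPT=32100 LEN=28
May  2 10:01:11 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.80 PROTO=TCP SPT=51514 DPT=32100 WINDOW=64240
May  2 10:01:15 gw kernel: FWD IN=br0 OUT=eth0 SRC=192.168.1.51 DST=192.0.2.53 PROTO=UDP SPT=40000 DPT=53 LEN=51
May  2 10:01:20 gw kernel: FWD IN=eth0 OUT=br0 SRC=203.0.113.5 DST=192.168.1.77 PROTO=UDP SPT=32100 DPT=32100 LEN=28
May  2 10:02:01 gw kernel: P2P-OUT IN=br0 OUT=eth0 SRC=192.168.1.31 DST=203.0.113.5 PROTO=UDP SPT=11872 DPT=32100 LEN=28
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")  # KEY=value pairs in a LOG line


def on_lan(addr):
    return any(addr in net for net in LAN_NETS)


def find_p2p_talkers(log_text, port=ILNKP2P_PORT):
    """Map each LAN source IP to the external hosts it sent UDP/<port> traffic to."""
    talkers = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "UDP" or fields.get("DPT") != str(port):
            continue  # wrong protocol or port
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # malformed or truncated line
        if on_lan(src) and not on_lan(dst):  # outbound direction only
            talkers[str(src)].add(str(dst))
    return dict(talkers)


if __name__ == "__main__":
    for host, peers in sorted(find_p2p_talkers(SAMPLE_LOG).items()):
        print(f"{host} -> UDP/{ILNKP2P_PORT}: {', '.join(sorted(peers))}")
```

Hosts reported here are candidates to check for an iLnkP2P UID on the device label; traffic to the port alone does not prove the software is present.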