- An IoT company has suffered a major data breach, experts warn
- The exposed Mars Hydro database contained nearly 2.7 billion records
- The records consisted primarily of WiFi and network device information
Mars Hydro, a Chinese company that produces a range of Internet of Things (IoT) devices such as LED grow lights and hydroponics equipment, has suffered a massive data breach after an unprotected database containing almost 2.7 billion records was discovered online.
Security researcher Jeremiah Fowler identified the non-password-protected database, which included WiFi network names, passwords, IP addresses, device ID numbers and more.
Users of these products should be aware that the details of their WiFi networks may have been compromised, and that there could be national security implications if the information falls into the wrong hands. Although the researcher does not suggest that any personally identifiable information was exposed, users still need to understand the risk. Here is what we know.
Vulnerable devices
Many of the products are controlled through internet-connected devices such as smartphones, and information about these was included in the breach. It is not yet clear whether the database was managed or owned directly by Mars Hydro and LG-LED Solutions, or whether it was run by a third-party contractor.
There are privacy and security concerns, and as Fowler points out, a previous report estimated that ‘57% of IoT devices were considered highly vulnerable and 98% of data transmitted by these devices is unencrypted.’
“The hypothetical worst-case scenario would be if this information was used for surveillance, man-in-the-middle (MITM) attacks, mapping of networks and critical infrastructure, or other potential abuse,” Fowler said.
Although there was no evidence that threat actors had accessed the exposed data, there is concern that the information could be obtained by foreign governments and used for ‘monitoring or intelligence collection’ purposes.
“I’m not saying or suggesting that these companies are engaged in any of these activities or that their users are in danger,” Fowler continued.
“I am not claiming that just because an application is based in China or has Chinese ownership there is an imminent risk. I am only highlighting what data is collected and how it could be a potential security risk in the wrong hands.”
IoT devices have been targeted before, especially by botnet attacks, which have risen 500% and are an escalating problem. Attackers look for known software vulnerabilities or easily cracked passwords on devices in a network. Once a device is compromised it can be recruited into a botnet of compromised devices that is used to spread malware, launch DDoS attacks or infiltrate critical systems.
Data breach complications
In this data set, the researcher describes seeing “a huge amount of exposed SSID names, passwords, MAC addresses and user IP addresses that could potentially give unauthorized remote access to the device’s Wi-Fi network.”
This means the exposed credentials could theoretically allow an attacker to connect to the network and compromise other devices on it. Nokia recently reported that the number of IoT devices involved in botnet-driven DDoS attacks has risen 500% over the past 18 months, and that they now account for 40% of all DDoS traffic.
To mitigate the risk, administrators should first make sure to immediately change any default passwords. The passwords IoT devices ship with are often shared across entire fleets of the same model, so an unchanged password can mean attackers already have access.
A strong, unique password is important for any device, and we have compiled a list of tips for creating a secure password if you need advice.
Another important consideration is hardening your software. Patch management is crucial and should be integrated into your vulnerability management program; keeping devices up to date gives you an additional layer of protection against exploitation of newly disclosed vulnerabilities.
Last but not least, be proactive. Default credentials and weak backend protections are exactly what attackers expect, so careful monitoring for suspicious behaviour, network segmentation, and consolidating endpoint controls into a unified console can all help keep you protected.
We have put together a guide for administrators if you want more detailed advice.
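The three mitigation steps above (replace default or fleet-shared passwords, keep firmware patched, keep IoT devices off user networks) can be checked mechanically against a device inventory. The script below is an added example written for this page, not code from the article, from Fowler, or from Mars Hydro. The device models, default credentials, firmware baselines, VLAN names and the inventory itself are all constructed for illustration; a real audit would load these from the vendor's documentation and your asset database.

```python
# Added example (not from the article or Mars Hydro): audits a constructed IoT
# inventory for the three issues the mitigation advice raises: default or
# fleet-shared credentials, unpatched firmware, and devices sitting on user
# networks instead of a segmented IoT VLAN.
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical vendor default credentials per model (constructed values, not
# real Mars Hydro defaults): model -> (username, password)
KNOWN_DEFAULTS = {
    "grow-ctl-1": ("admin", "admin"),
    "grow-ctl-2": ("admin", "12345678"),
}

# Lowest firmware version per model that the administrator treats as patched
# (constructed values).
MIN_FIRMWARE = {
    "grow-ctl-1": (2, 4, 0),
    "grow-ctl-2": (1, 9, 3),
}

# VLANs that carry user or corporate traffic; an IoT device here is unsegmented.
USER_VLANS = frozenset({"users", "corp"})


@dataclass(frozen=True)
class Device:
    name: str
    model: str
    ip: str
    username: str
    password: str
    firmware: str
    vlan: str


def parse_version(version: str) -> tuple:
    """Turn '2.3.1' into (2, 3, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def audit(devices):
    """Return a list of (device name, finding code, detail) tuples."""
    # Count how many devices of each model share the same credential pair, so a
    # password copied across a fleet is caught even when it is not a known default.
    credential_users = defaultdict(list)
    for d in devices:
        credential_users[(d.model, d.username, d.password)].append(d.name)

    findings = []
    for d in devices:
        creds = (d.username, d.password)
        if KNOWN_DEFAULTS.get(d.model) == creds:
            findings.append((d.name, "default-credentials",
                             f"{d.model} still uses the vendor default login"))
        elif len(credential_users[(d.model, *creds)]) > 1:
            others = [n for n in credential_users[(d.model, *creds)] if n != d.name]
            findings.append((d.name, "shared-credentials",
                             f"same login as {', '.join(others)}"))

        minimum = MIN_FIRMWARE.get(d.model)
        if minimum and parse_version(d.firmware) < minimum:
            findings.append((d.name, "outdated-firmware",
                             f"{d.firmware} is below {'.'.join(map(str, minimum))}"))

        if d.vlan in USER_VLANS:
            findings.append((d.name, "not-segmented",
                             f"{d.ip} sits on the '{d.vlan}' VLAN with user devices"))
    return findings


# Constructed inventory: five devices, two models, deliberately mixed hygiene.
INVENTORY = [
    Device("lamp-01", "grow-ctl-1", "10.0.20.11", "admin", "admin", "2.3.1", "iot"),
    Device("lamp-02", "grow-ctl-1", "10.0.20.12", "admin", "Gr0wR00m!x7", "2.4.0", "iot"),
    Device("pump-01", "grow-ctl-2", "10.0.1.40", "ops", "fleetpass", "1.9.3", "users"),
    Device("pump-02", "grow-ctl-2", "10.0.1.41", "ops", "fleetpass", "1.9.3", "users"),
    Device("pump-03", "grow-ctl-2", "10.0.20.42", "ops", "pump3-only-Q2", "1.8.0", "iot"),
]

if __name__ == "__main__":
    for name, code, detail in audit(INVENTORY):
        print(f"{name:8} {code:20} {detail}")
```

Running it on the constructed inventory flags lamp-01 for the vendor default and old firmware, pump-01 and pump-02 for sharing one password and for sitting on the users VLAN, and pump-03 for old firmware; lamp-02 comes back clean. The shared-credential check is the one worth copying: it groups by (model, username, password) rather than relying on a default list, which is what catches a fleet that was "changed" to a single new password at deployment time.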