All Stories
Follow
Subscribe to ONEKEY GmbH

ONEKEY GmbH

New OpenSSL vulnerability: Security company automatically detects affected software even in IoT
IIoT devices

New OpenSSL vulnerability: Security company automatically detects affected software even in IoT / IIoT devices

Widely popular OpenSSL software for data encryption urgently needs to be updated

Düsseldorf/Germany, March 17, 2022 – A new security vulnerability threatens all systems that use OpenSSL, one of the most widely used software for encryption of all kinds, for transport encryption based on TLS. When processing certain TLS certificates, targeted attacks can bring clients and servers to a complete standstill (DoS - Denial of Service). "Servers, clients and other devices must be checked immediately and patched if necessary. Since this software is very widespread, most IT systems - from servers to clients to the Internet of Things - are affected. If hackers target this vulnerability, the situation can become very critical for companies and institutions," warns Jan Wendenburg, CEO of IoT Inspector. The security company operates the leading European service for automated IoT firmware analyses. The recently disclosed vulnerability can easily be detected in IoT and IIoT devices and infrastructures by IoT Inspector, and thus be remediated.

Threat level: High

The IoT Inspector team has uncovered numerous vulnerabilities in devices by well-known hardware manufacturers. "We have seen that after the publication of a technical advisory, hackers have specifically started to attack the addressed vulnerability. Therefore, administrators should immediately check if the issue is present in their networks," said Jan Wendenburg of IoT Inspector. The vulnerability ( CVE-2022-0778) is rated with a threat level of "high." It was discovered by Tavis Ormandy, a British cybersecurity specialist who currently works at Google as part of the Project Zero team. The vulnerability affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. Administrators using OpenSSL are urged to promptly install one of the secured editions 1.1.1n or 3.0.2.

Unpredictable situation

Fast action is particularly advised regarding international cyberattacks due to the ongoing war in Ukraine, according to the team of specialists at IoT Inspector: "Critical infrastructures, as well as companies, are currently more at risk than ever. The alleged use of European technology in Russian war equipment shows how quickly companies are now caught in the crossfire and could potentially be drawn into a campaign by Anonymous hackers. The situation is unpredictable," Wendenburg explains. Just a few days ago, the German Federal Office for Information Security (BSI) issued its third warning of war-related attacks on IT infrastructures. In this context, every component of a network can be used as a gateway, unless the security vulnerabilities are identified through targeted analyses and subsequently remedied. IoT Inspector continues to offer a free security check for IoT/IIoT endpoints of all types in critical infrastructures following the BSI warnings. A firmware check takes only a few minutes and analyzes the relevant risks.

About IoT Inspector:

IoT Inspector is the leading European security & compliance analysis platform for devices of the Internet of Things. IoT Inspector's technology enables fully automated firmware analysis of IoT/IIoT/OT devices for critical security vulnerabilities without devices or network access via "digital twins". The integrated Compliance Checker simultaneously uncovers violations of international compliance requirements. Vulnerabilities for external attacks and security risks are identified in the shortest possible time and can thus be specifically remedied. The solution, which is easy to integrate into software development and procurement processes, uncovers unknown security risks for manufacturers, distributors, and users of IoT technology and automatically monitors security throughout the entire product lifecycle. IoT Inspector is available free of charge for universities and research institutions.

Further Information: IoT Inspector GmbH,
Kaiserswerther Straße 45, 40477 Düsseldorf, Germany,
Julia Alunovic, E-Mail:  julia@iot-inspector.com,
Web:  https://www.iot-inspector.com

PR Agency: euromarcom public relations GmbH,
Mühlhohle 2, 65205 Wiesbaden, Germany,
Phone: +49 611 9731 50, E-Mail:  team@euromarcom.de,
Web:  www.euromarcom.de

- - - -

More stories: ONEKEY GmbH
More stories: ONEKEY GmbH
  • 02.12.2021 – 15:05

    Hackers welcome: Major security test uncovers vulnerabilities in all common Wi-Fi routers

    Hackers welcome: Major security test uncovers vulnerabilities in all common Wi-Fi routers - IoT Inspector and CHIP examine devices from AVM, Asus, Netgear, and more - New German coalition announces manufacturer liability for damages caused by IT security vulnerabilities Bad Homburg/Germany, December 2, 2021 - Nine Wi-Fi routers from well-known manufacturers recently ...

  • 09.11.2021 – 15:35

    Extended EU RED Directive enforces higher IoT security by 2024

    Extended EU RED directive enforces higher IoT security by 2024 80 percent of cyberattacks are directed against wireless devices Bad Homburg/Germany, November 9th, 2021 – The Internet of Things, i.e. especially all wireless smart devices, poses one of the greatest risks in information technology. By introducing new security requirements, the EU Commission is now significantly raising the bar for manufacturers and ...

  • 28.10.2021 – 11:45

    Protection against critical security gaps in telecommunication networks

    Protection against critical security gaps in telecommunication networks IoT Inspector saves Swisscom €350,000 per avoided faulty software rollout and update Bad Homburg/Germany, October 28th 2021 – With a turnover of over 10 billion euros and almost 20,000 employees, Switzerland’s technology and telecommunications company Swisscom is the industry leader in its ...