Extended EU RED Directive enforces higher IoT security by 2024
Extended EU RED directive enforces higher IoT security by 2024
80 percent of cyberattacks are directed against wireless devices
Bad Homburg/Germany, November 9th, 2021 – The Internet of Things, i.e. especially all wireless smart devices, poses one of the greatest risks in information technology. By introducing new security requirements, the EU Commission is now significantly raising the bar for manufacturers and distributors of such devices - to protect businesses and consumers. The new extension to the RED ( Radio Equipment Directive 2014/53/EU) covers all devices approved for sale in the EU and is set to come into force across the EU from 2024. "We welcome the EU's initiative. During investigations in our lab, we often find serious weaknesses in almost all wireless devices. These range from routers to tablets, IP cameras, smart speakers, baby monitors to smart devices in corporate networks. Hackers can often easily gain access to the local network, sensitive data and servers via these devices," states Jan Wendenburg, CEO of IT security company IoT Inspector. In addition to their own test lab, the security experts also operate Europe's largest platform for automated firmware verification of IoT devices, which automatically and reliably detects security risks and compliance violations. However, according to Wendenburg, the insufficient specification of the newly amended directive is problematic, and makes implementation difficult - even though it will soon be binding for all manufacturers.
Hundreds of thousands of vulnerabilities are already in circulation
"Routers and numerous other IoT devices are in use for up to ten years in corporate networks, and often even longer in private households. The lack of obligation so far to provide more security via firmware updates is an incalculable risk," says Jan Wendenburg of IoT Inspector. Only recently, IoT Inspector uncovered severe security vulnerabilities in components from Realtek and Broadcom, which could easily spread to hundreds of thousands of devices by up to 65 renowned manufacturers, due to a lack of transparency in supply chain and product development processes. Affected devices include routers, IP cameras, smart lighting controls, and many other products that are in use in businesses and homes around the world. A security audit therefore already needs to take place during product development, to identify and address potential vulnerabilities before market launch. IoT Inspector's platform provides product manufacturers and integrators with a proven automated security analysis solution that automatically monitors IoT firmware throughout the entire product lifecycle. Integrating IoT Inspector into the product development process reduces costs, resources, development time, and project risks.
Rapid response required
The EU Commission has revealed that 80 percent of cyberattacks already target wireless devices, making them a popular gateway for further damage to networks. Cyber threats are rapidly evolving, with attackers' technologies becoming increasingly complex and adaptable. "Cybercrime has long since evolved from the work of a few hackers to a veritable business model for criminal organizations. It is hard to estimate how the threat situation will develop in the coming months," warns Jan Wendenburg. In its new IT security report, the German Federal Office for Information Security (BSI) assesses the current situation as "tense to critical," with some areas already on red alert. The increase has been disproportionate, especially in the last two years. Therefore, effective monitoring bodies, such as testing and certification organizations, need to be empowered quickly to effect corrective measures for a plus in IoT security based on real results and analyses.
About IoT Inspector:
IoT Inspector is the leading European IoT security analysis platform and enables automated firmware inspection of IoT devices for critical security vulnerabilities with just a few mouse clicks. The integrated Compliance Checker simultaneously uncovers violations of international compliance requirements. Vulnerabilities for external attacks and security risks are identified in the shortest possible time and can be remedied in a targeted manner. The solution, which is easy to use via web interface, uncovers unknown security risks for manufacturers and distributors of IoT technology. This is especially true for products manufactured by an OEM partner. Infrastructure providers, consulting companies, scientists and system houses also benefit from the offering and can provide valuable added value to their customers.
Company Contact: IoT Inspector GmbH, Tannenwaldallee 2, 61348 Bad Homburg, Germany, Julia Alunovic, E-Mail: firstname.lastname@example.org, Web: https://www.iot-inspector.com PR-Agency: euromarcom public relations GmbH, Mühlhohle 2, 65205 Wiesbaden, Germany, Tel.: +49 (0)611 9731 50, E-Mail: email@example.com, Web: www.euromarcom.de
- - - -