U.S. Sen. Mark R. Warner (D-VA) this week sent letters to six Internet networking device vendors urging them to ensure that their products remain secure during the COVID-19 social distancing efforts.
The coronavirus pandemic has forced many to isolate themselves at home to help stop the virus spread, which resulted in a significant increase in the use of Internet networking devices for remote work, health, and education purposes.
As a result, Sen. Warner has urged Google, Netgear, Belkin, Eero, Asus, and Commscope to help ensure that wireless access points, routers, modems, mesh network systems, and related connectivity products cannot be easily exploited by malicious actors.
With the COVID-19 outbreak still spreading, workplaces, schools, and businesses shut their doors and people are increasingly relying on home networks and personal devices for connectivity, but the lack of proper cybersecurity measures means that these devices become a risk to larger workplace systems, opening the door for compromise.
“As the COVID-19 pandemic unfolds, Americans will depend on connectivity products to receive telehealth; remain connected with family, colleagues, employers, and friends; and to receive news reports, and guidance from government and public health officials,” wrote Sen. Warner. “During this time, the security of consumer devices and networks will be of heightened importance.”
Over the past couple of months, there has been a massive spike in COVID-19-themed attacks, including phishing, malware delivery, and various types of scams.
“I request your attention and diligence to help protect the consumer devices you sell. Both new and older devices in use deserve protection from cybersecurity threats, including timely updates to mitigate vulnerabilities and exposures,” Sen. Warner wrote in the letters.
He also urged vendors to continue to provide timely security updates to users to mitigate known cybersecurity vulnerabilities, and underlined that vendors should notify consumers of devices that no longer receive critical updates and are therefore no longer protected.
In the letters, Sen. Warner also pointed to the Internet of Things (IoT) Cybersecurity Improvement Act, the bipartisan bill he introduced last year, aimed at improving the cybersecurity of IoT devices and ensuring that technology vendors maintain coordinated vulnerability programs.
“Sen. Warner hits the nail precisely on the head – IoT manufacturers and wifi/telecom vendors need to make a much greater effort to ensure their devices and networks are secure,” Terry Dunlap, a former NSA offensive cyber operator and co-founder and chief strategy officer of ReFirm Labs, told SecurityWeek. “That means adhering to secure coding practices and proactively promoting security measures to protect users such as removing default usernames and passwords and implementing binary hardening. It also means vetting and validating the firmware of all IoT devices placed on a network to prevent the creation of a jumping off point for all kinds of malicious behavior.”
“Through insecure IoT devices, attackers can down networks and cripple critical infrastructure. As IoT continues to advance into our everyday lives, these kinds of attacks are not just nuisances and inconveniences, but they can very well put real human lives in jeopardy,” Dunlap added.