Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

Senator Urges Vendors to Secure Networking Devices Amid COVID-19 Outbreak

U.S. Sen. Mark R. Warner (D-VA) this week sent letters to six Internet networking device vendors urging them to ensure that their products remain secure during the COVID-19 social distancing efforts.

U.S. Sen. Mark R. Warner (D-VA) this week sent letters to six Internet networking device vendors urging them to ensure that their products remain secure during the COVID-19 social distancing efforts.

The coronavirus pandemic has forced many to isolate themselves at home to help stop the virus spread, which resulted in a significant increase in the use of Internet networking devices for remote work, health, and education purposes.

As a result, Sen. Warner has urged Google, Netgear, Belkin, Eero, Asus, and Commscope to help ensure that wireless access points, routers, modems, mesh network systems, and related connectivity products cannot be easily exploited by malicious actors.

With the COVID-19 outbreak still spreading, workplaces, schools, and businesses shut their doors and people are increasingly relying on home networks and personal devices for connectivity, but the lack of proper cybersecurity measures means that these devices become a risk to larger workplace systems, opening the door for compromise.

“As the COVID-19 pandemic unfolds, Americans will depend on connectivity products to receive telehealth; remain connected with family, colleagues, employers, and friends; and to receive news reports, and guidance from government and public health officials,” wrote Sen. Warner. “During this time, the security of consumer devices and networks will be of heightened importance.”

Over the past couple of months, there has been a massive spike in COVID-19-themed attacks, including phishing, malware delivery, and various types of scams.

“I request your attention and diligence to help protect the consumer devices you sell. Both new and older devices in use deserve protection from cybersecurity threats, including timely updates to mitigate vulnerabilities and exposures,” Sen. Warner wrote in the letters.

He also urged vendors to continue to provide timely security updates to users to mitigate known cybersecurity vulnerabilities, and underlined that vendors should notify consumers of devices that no longer receive critical updates and are therefore no longer protected.

Advertisement. Scroll to continue reading.

In the letters, Sen. Warner also pointed to the Internet of Things (IoT) Cybersecurity Improvement Act, the bipartisan bill he introduced last year, aimed at improving the cybersecurity of IoT devices and ensuring that technology vendors maintain coordinated vulnerability programs.

“Sen. Warner hits the nail precisely on the head – IoT manufacturers and wifi/telecom vendors need to make a much greater effort to ensure their devices and networks are secure,” Terry Dunlap, a former NSA offensive cyber operator and co-founder and chief strategy officer of ReFirm Labs, told SecurityWeek. “That means adhering to secure coding practices and proactively promoting security measures to protect users such as removing default usernames and passwords and implementing binary hardening. It also means vetting and validating the firmware of all IoT devices placed on a network to prevent the creation of a jumping off point for all kinds of malicious behavior.”

“Through insecure IoT devices, attackers can down networks and cripple critical infrastructure. As IoT continues to advance into our everyday lives, these kinds of attacks are not just nuisances and inconveniences, but they can very well put real human lives in jeopardy,” Dunlap added.

Related: Authorities Warn of Escalating COVID-19-Themed Cyberattacks

Related: The Other Virus Threat: Surge in COVID-Themed Cyberattacks

Related: Coronavirus Confinement Challenges Intelligence Services

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

The State of Vermont has appointed John Toney as the state’s new CISO.

More People On The Move

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...