Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

Senator Urges Vendors to Secure Networking Devices Amid COVID-19 Outbreak

U.S. Sen. Mark R. Warner (D-VA) this week sent letters to six Internet networking device vendors urging them to ensure that their products remain secure during the COVID-19 social distancing efforts.

U.S. Sen. Mark R. Warner (D-VA) this week sent letters to six Internet networking device vendors urging them to ensure that their products remain secure during the COVID-19 social distancing efforts.

The coronavirus pandemic has forced many to isolate themselves at home to help stop the virus spread, which resulted in a significant increase in the use of Internet networking devices for remote work, health, and education purposes.

As a result, Sen. Warner has urged Google, Netgear, Belkin, Eero, Asus, and Commscope to help ensure that wireless access points, routers, modems, mesh network systems, and related connectivity products cannot be easily exploited by malicious actors.

With the COVID-19 outbreak still spreading, workplaces, schools, and businesses shut their doors and people are increasingly relying on home networks and personal devices for connectivity, but the lack of proper cybersecurity measures means that these devices become a risk to larger workplace systems, opening the door for compromise.

“As the COVID-19 pandemic unfolds, Americans will depend on connectivity products to receive telehealth; remain connected with family, colleagues, employers, and friends; and to receive news reports, and guidance from government and public health officials,” wrote Sen. Warner. “During this time, the security of consumer devices and networks will be of heightened importance.”

Over the past couple of months, there has been a massive spike in COVID-19-themed attacks, including phishing, malware delivery, and various types of scams.

“I request your attention and diligence to help protect the consumer devices you sell. Both new and older devices in use deserve protection from cybersecurity threats, including timely updates to mitigate vulnerabilities and exposures,” Sen. Warner wrote in the letters.

He also urged vendors to continue to provide timely security updates to users to mitigate known cybersecurity vulnerabilities, and underlined that vendors should notify consumers of devices that no longer receive critical updates and are therefore no longer protected.

In the letters, Sen. Warner also pointed to the Internet of Things (IoT) Cybersecurity Improvement Act, the bipartisan bill he introduced last year, aimed at improving the cybersecurity of IoT devices and ensuring that technology vendors maintain coordinated vulnerability programs.

“Sen. Warner hits the nail precisely on the head – IoT manufacturers and wifi/telecom vendors need to make a much greater effort to ensure their devices and networks are secure,” Terry Dunlap, a former NSA offensive cyber operator and co-founder and chief strategy officer of ReFirm Labs, told SecurityWeek. “That means adhering to secure coding practices and proactively promoting security measures to protect users such as removing default usernames and passwords and implementing binary hardening. It also means vetting and validating the firmware of all IoT devices placed on a network to prevent the creation of a jumping off point for all kinds of malicious behavior.”

“Through insecure IoT devices, attackers can down networks and cripple critical infrastructure. As IoT continues to advance into our everyday lives, these kinds of attacks are not just nuisances and inconveniences, but they can very well put real human lives in jeopardy,” Dunlap added.

Related: Authorities Warn of Escalating COVID-19-Themed Cyberattacks

Related: The Other Virus Threat: Surge in COVID-Themed Cyberattacks

Related: Coronavirus Confinement Challenges Intelligence Services

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.