IoT technologies have introduced new ways for devices to connect to one another and provide useful functions in everyday living. But there is a downside. And in the case of IoT, that downside is serious enough that some cybersecurity professionals advise steering clear of these technologies altogether, at least until the data protections of such devices can be substantially improved.
Recently, a technology that comes bundled with many IoT devices was found to carry alarming security flaws, leaving those devices open to credential theft, remote compromise, and eavesdropping. The software in question, iLnkP2P, was developed to enable remote connections without requiring firewall configuration.
With iLnkP2P, users can simply enter or scan a six-digit ID to maintain a connection with an IoT device outside of the home network. The software handles the necessary communications linkage. However, without requiring any authentication or encrypting data, the software leaves gaping holes in defense, which hackers can use to bypass firewalls and breach networks.
There are approximately 2 million IoT devices using iLnkP2P across the globe. The largest percentage of them (39%) are in China, while 7% reside in the U.S. and 19% in Europe. Security cameras, baby monitors, and smart doorbells are some of the devices that include the software.
If you are wondering whether your IoT devices are among those with vulnerabilities, it’s fairly simple to identify whether they’re using iLnkP2P software. A serial number, known as the UID, will be printed on the device, often in combination with a prefix. The format will appear as follows: AAAA-123456-ABCDE. You can also check the website https://hacked.camera for a list of manufacturers incorporating the technologies and the prefixes they use on their devices.
If you are using vulnerable devices at home or on your organization’s network, the ideal defense is to switch to a reputable device without the iLnkP2P software. If that’s not possible, blocking UDP port 32100 for outbound traffic can bypass the security flaw.
For support with your network configuration and consulting services that can help you keep your network protected, with or without IoT, contact the experts at Lunarline today.