Report: Millions of Smart Devices Face Risks of Hacking
2020-12-13
LRC
TXT
大字
小字
滚动
全页
1Internet security researchers say they have identified software weaknesses that put millions of smart devices at risk for attacks, or hacking.
2The security weaknesses, also known as vulnerabilities, could be used by hackers to attack business or home computer networks.
3The report, by cybersecurity company Forescout Technologies, says the affected devices were built by an estimated 150 manufacturers.
4Many devices are designed for personal use and include the ability to control home cameras and temperature controls from a distance, the report said.
5Companies use similar devices in security systems, heating and cooling equipment, printers and servers.
6There is no evidence that any attacks have already been carried out on the vulnerable devices.
7But the risks pointed out in the report led the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue an advisory warning.
8In the advisory, CISA suggests that defensive measures should be taken to lessen the risks of hacking.
9Specifically, the agency said industrial control systems should not be accessible from the internet and should be separated from company networks.
10Awais Rashid is a computer scientist at Britain's Bristol University who examined the report's findings.
11He told The Associated Press that in the worst case, control systems that drive "critical services" - such as water, power and self-operating building equipment - could be damaged.
12Rashid said the discovery shows the dangers cybersecurity experts often find in internet-linked devices designed without much attention to security.
13Careless programming by developers appears to be the main issue in this case, he added.
14Dealing with the problem is especially complex because the vulnerabilities are found in so-called open-source software.
15Open-source means the software is free to use and that the program that was first created can be changed by anyone.
16In this case, the issue relates to internet software that runs communications through a technology called TCP/IP.
17This technology uses a set of rules that control the connection of computer systems to the internet.
18Elisa Costante is vice president of research for Forescout.
19She told the AP the fact that open-source software is not owned by anyone makes the problem difficult to solve.
20In addition, some of the vulnerable TCP/IP methods used are twenty years old.
21This means it is up to device manufacturers to fix the vulnerabilities themselves and some may not have the time or money to do so, Costante said.
22"The biggest challenge comes in finding out what you've got," said Bristol University's Rashid.
23The vulnerabilities could leave business networks open to destructive denial-of-service attacks.
24Computer systems could also be infected with ransomware or other tools that permit attackers to take over devices.
25Experts say the risks are even higher now with so many people working from home during the coronavirus pandemic.
26This could permit attackers to hack into home networks and use this as a pathway into company networks.
27Forescout says it contacted as many device manufacturers as it could about the vulnerabilities.
28It also warned security officials in the U.S., Germany and Japan.
29I'm Bryan Lynn.
1Internet security researchers say they have identified software weaknesses that put millions of smart devices at risk for attacks, or hacking. 2The security weaknesses, also known as vulnerabilities, could be used by hackers to attack business or home computer networks. 3The report, by cybersecurity company Forescout Technologies, says the affected devices were built by an estimated 150 manufacturers. 4Many devices are designed for personal use and include the ability to control home cameras and temperature controls from a distance, the report said. Companies use similar devices in security systems, heating and cooling equipment, printers and servers. 5There is no evidence that any attacks have already been carried out on the vulnerable devices. But the risks pointed out in the report led the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue an advisory warning. 6In the advisory, CISA suggests that defensive measures should be taken to lessen the risks of hacking. Specifically, the agency said industrial control systems should not be accessible from the internet and should be separated from company networks. 7Awais Rashid is a computer scientist at Britain's Bristol University who examined the report's findings. He told The Associated Press that in the worst case, control systems that drive "critical services" - such as water, power and self-operating building equipment - could be damaged. 8Rashid said the discovery shows the dangers cybersecurity experts often find in internet-linked devices designed without much attention to security. Careless programming by developers appears to be the main issue in this case, he added. 9Dealing with the problem is especially complex because the vulnerabilities are found in so-called open-source software. Open-source means the software is free to use and that the program that was first created can be changed by anyone. 10In this case, the issue relates to internet software that runs communications through a technology called TCP/IP. This technology uses a set of rules that control the connection of computer systems to the internet. 11Elisa Costante is vice president of research for Forescout. She told the AP the fact that open-source software is not owned by anyone makes the problem difficult to solve. In addition, some of the vulnerable TCP/IP methods used are twenty years old. 12This means it is up to device manufacturers to fix the vulnerabilities themselves and some may not have the time or money to do so, Costante said. 13"The biggest challenge comes in finding out what you've got," said Bristol University's Rashid. 14The vulnerabilities could leave business networks open to destructive denial-of-service attacks. Computer systems could also be infected with ransomware or other tools that permit attackers to take over devices. 15Experts say the risks are even higher now with so many people working from home during the coronavirus pandemic. This could permit attackers to hack into home networks and use this as a pathway into company networks. 16Forescout says it contacted as many device manufacturers as it could about the vulnerabilities. It also warned security officials in the U.S., Germany and Japan. 17I'm Bryan Lynn. 18The Associated Press reported on this story. Bryan Lynn adapted the report for Learning English. Caty Weaver was the editor. 19We want to hear from you. Write to us in the Comments Section, and visit our Facebook page. 20________________________________________________________________ 21Words in This Story 22accessible - adj. able to be reached or easily gotten 23challenge - n. something that is difficult to do 24ransomware - n. software designed by internet attackers that can lock computer users out of their own devices unless they pay money