In 2016, security researcher Justin Shattuck stumbled found that Sierra Wireless, Moxa, and Digi gateways had been configured to show sensitive information, according to Ars Technica.
Unfortunately, Shattuck found many of the unsecured gateways had been placed in emergency vehicles, like police cars and ambulances, Ars Technica reported. The devices were broadcasting the locations of first responders (putting them in physical danger), as well as allowing configurations that could expose data from in-vehicle computers, dash cams, and more, said Ars Technica.
SEE: Cybersecurity in 2018: A roundup of predictions (Tech Pro Research)
Despite bringing the problem to the surface, Shattuck found that the unsecured devices were also being used by remote pipelines, hydrogen refueling stations, traffic monitoring systems, tolls, bridges, and airports, according to Ars Technica.
These vulnerabilities endanger not only the network users, but the public as well. If a cybercriminal were to gain control of the unsecured device, they could shut down airports, circumnavigate police officers, and more.
“If someone can tell where those police officers are, then you can start to reroute them,” Shattuck said in Ars Technica’s report. “You can monitor them. You can tamper with the trusted device by taking it offline or man-in-the-middle the service.”
This shows how critical it is that companies have their connected devices, and the gateways they connect through, be fully vetted for proper security. The continued rise of tech trends like the Internet of Things (IoT) are making this even more serious of a threat.
Organizations must stay vigilant in keeping their wireless networks safe and secure, which is something Shattuck hopes to bring to the forefront of conversation. He spoke about his findings at the 2018 Black Hat event in Las Vegas last week.
The big takeaways for tech leaders:
- Unsecured gateways from Sierra Wireless, Moxa, and Digi exposed sensitive information about emergency first responders.
- If connected devices and gateways are left unsecured, malicious users can gain access to networks and put others in danger.