Understanding the High-Risk Landscape of IoT and OT Devices

In the ever-expanding world of digital connectivity, where our daily lives are intricately interwoven with technology, the discovery of vulnerabilities in Operational Technology (OT) and Internet of Things (IoT) routers is a significant concern. Forescout, a top cybersecurity firm, has released a report called “SIERRA:21 – Living on the Edge.” The report discloses 21 new vulnerabilities that could disrupt the important communications we rely on every day.

This discovery centers around Sierra Wireless AirLink cellular routers, crucial components used in various applications worldwide. These routers are the invisible threads connecting police vehicles to central network management systems, streaming surveillance video in manufacturing plants for industrial asset monitoring, providing temporary connectivity in healthcare facilities and managing the intricate web of electric vehicle charging stations. Sierra Wireless routers are widely used, connecting 245,000 networks globally, emphasizing their crucial role in our interconnected world.

The scope of the vulnerabilities disclosed in the Forescout report is both staggering and concerning. With 86,000 routers still exposed online, there is a clear and present danger to the seamless functioning of critical infrastructure. Even more disquieting is the revelation that fewer than 10% of these routers have been patched against known vulnerabilities dating back to 2019. These vulnerabilities have a global impact, with the highest numbers of exposed devices in the United States, Canada, Australia, France and Thailand.


Delving into the specifics of the vulnerabilities exposes a spectrum of risks. Of the 21 vulnerabilities unearthed, one is rated critical severity, nine high severity and 11 medium severity. These vulnerabilities can lead to various exploits, from stealing credentials to injecting harmful code and gaining unauthorized control over the routers. The implications extend beyond mere disruptions: these routers are integral components of critical infrastructure, and an exploit could potentially disrupt essential services with far-reaching consequences.

However, the challenge posed by these vulnerabilities extends beyond conventional patching measures. A staggering 90% of devices exposing a specific management interface have reached their end of life, rendering them unable to receive further patches. This finding highlights a bigger worry about the security of supply chain components, pointing out the vulnerabilities in open-source software that haven’t been addressed. These weaknesses highlight the need for a fresh look at how we secure important devices, emphasizing the importance of rethinking our current cybersecurity practices.

Forescout Research – Vedere Labs’ Vice President of Research, Elisa Costante, succinctly notes, “Vulnerabilities impacting critical infrastructure are like an open window for bad actors in every community.” The concern extends beyond the immediate implications of potential disruptions. The vulnerabilities create opportunities for government-backed spying and for cybercriminals to use routers for harmful activities, along with an ongoing risk of devices being recruited into botnets.

In response to these alarming discoveries, collaborative efforts between Sierra Wireless, OpenDNS, and Forescout Research have resulted in patches and recommendations being issued. Yet there is a clear need to address these vulnerabilities urgently, which requires a comprehensive approach.

The situation goes beyond immediate fixes, urging us to reflect on the overall state of cybersecurity in our interconnected world. As we enjoy the benefits of the digital age, we need to stay alert to protect ourselves from potential dangers.

The report’s findings about vulnerabilities in Operational Technology (OT) and Internet of Things (IoT) routers are a cause for concern in our digitally connected world. Sierra Wireless AirLink cellular routers, essential in many global applications, are now facing potential threats. The discovery of 21 vulnerabilities in Sierra Wireless AirLink cellular routers poses a risk to daily communications. The varying severity of these vulnerabilities underlines the immediate need for a comprehensive cybersecurity overhaul. The report reveals a concerning situation with over 86,000 routers still exposed, and less than 10% of them patched since 2019. This highlights the urgent need to address these vulnerabilities, especially in regions like the United States, Canada, Australia, France and Thailand, to avoid widespread disruptions.

These vulnerabilities are not just technical issues. They put community safety and the smooth operation of crucial services at risk. In urging a comprehensive approach beyond quick fixes, the report is essentially asking for a collective rethinking of how we ensure cybersecurity. The report strongly encourages taking proactive measures to secure important devices, highlighting the importance of reevaluating vulnerabilities in open-source software and adopting a broader perspective on digital security in our interconnected world.
