New ThroughTek IoT supply-chain vulnerability announced

This week, the U.S. Department of Homeland Security announced a new IoT supply-chain vulnerability with serious impact for Internet of Things devices.

DHS and Nozomi Networks Labs announced a new vulnerability discovered in a ThroughTek software component that’s used broadly by security-camera and smart-device vendors.

IoT supply-chain vulnerabilities like this have become more prevalent.

With this kind of breach, malicious attackers tamper with the development process of software to inject a malicious component, such as a remote-access tool, that will let them establish a foothold into the targeted organization or individual.

Indeed, supply-chain attacks rose by 42% in the first quarter of 2021 in the U.S., affecting up to 7 million people, according to the Identity Theft Resource Center.

“Supply-chain cyberattacks are especially challenging for security pros to address, as their nature allows these flaws to proliferate rapidly,” said Tanner Johnson, Omdia’s principal analyst for data security. “The ubiquity of widely used hardware and software technologies means that, when such vulnerabilities result in an exponential increase in the fallout from the successful attack, making these types of flaws highly sought after among would-be adversaries.”

ThroughTek Supply Chain Vulnerability Could Affect Millions of IoT Devices

The ThroughTek component is part of the supply chain for many original equipment manufacturers (OEMs) of consumer-grade security cameras and IoT devices. ThroughTek states that its technology is used by several million Internet of Things (IoT)-connected devices.

To read the complete article, visit IoT World Today.