Welcome to HTM 24/7: Unveiling IoT Security Threats

Welcome to a new episode of HTM 24/7, your go-to podcast for tech insights. Today, we’re thrilled to have Noam Moshe from Claroty’s Team82. He’s here to shed light on a crucial cybersecurity topic.

Noam Moshe: Uncovering Router Vulnerabilities

Our focus today is an eye-opening discovery by Noam’s team. They’ve identified significant vulnerabilities in ConnectedIO ER2000 edge routers. These findings are reshaping our understanding of IoT security.

The Heart of IoT: Why Routers Matter

Why focus on routers? Noam explains their role as IoT gateways. He highlights how critical they are in connecting devices, especially in sectors like healthcare.

Medical Devices at Risk: A Closer Look

Noam delves into the impact on medical devices. He discusses the dangers these vulnerabilities pose. It’s a deep dive into why protecting these devices is paramount for patient safety.

Understanding the Risks: Noam’s Insights

What are the risks? Noam breaks them down, emphasizing the potential for network breaches. His insights are invaluable for grasping the severity of these threats.

Proactive Measures: Safeguarding Our Connected World

Noam concludes with advice on protective measures. He stresses the need for vigilance and proactive security in IoT devices.

Podcast Transcript

Keri Stephens (00:06):

Hi, welcome to the HTM 24/7 Podcast. I’m your host, Keri Stephens. For this episode, I’m joined by Noam Moshe, a vulnerability researcher at Claroty’s Team82. Noam, thank you for joining me today.

Noam Moshe (00:20):

Thank you so much for inviting me. I’m super excited to be here today.

Keri Stephens (00:25):

Yeah, and I really just want to jump into this. So your team recently discovered multiple critical vulnerabilities in ConnectedIO ER2000 edge routers, which serve as gateways for Internet of Things, or IoT, devices. So can you talk about this in the context specifically of medical devices and why this area was chosen for your research?

Noam Moshe (00:48):

Yeah, for sure. So basically, as in Team82, we want to look at some kind of critical devices and interesting devices that could be somehow very big and allow big exposure in the industry. And that’s why we chose looking at 3G and 4G routers, which basically act as a gateway, meaning you need to connect some kind of site to the internet and you might not have a physical cable or physical internet connection. Well, in those cases, you might want to implement and use a 3G or 4G router that acts as an internet gateway connecting your sites to the internet. Now this is actually pretty cool because when we’re talking about these sites that are used in IoT, basically connecting IoT devices, be it manufacturing, remote site connectivity, medical, you name it, these sites are remote, are somewhere out there, and sometimes there’s not a way for attackers to go into these sites and leverage the way into these sites. However, some critical infrastructure is kept on these sites. So we thought to ourselves, how can we devise a new exploitation technique or basically attack vector that could affect these sites and allow attackers, malicious attackers, to leverage a way into the internal networks of basically any kind of organization, be it medical, be it in the realm of manufacturing, you name it, and that way we could see how attackers could basically infiltrate an internal network, an internal device network of such organizations.

Keri Stephens (02:26):

Well, our brand is obviously for medical devices, so let’s get into the critical nature of medical devices, of patient safety concerns. So what are some of the risks associated with the vulnerabilities you discovered?

Noam Moshe (02:39):

So basically they could allow attackers to gain access to the actual physical devices. For example, a medical device that sits somewhere and might not be connected to the regular network, and that way it could allow attackers to access and leverage the way and basically get network access to these devices. Now, a lot of the time, especially in the medical realm, we see kind of a realization that the devices are not secured by nature, not inherently secure, because it might be the protocol is not secure. For example, if we’re talking about DICOM, which is the protocol for medical imaging and modality tests, it might not be the most secure protocol inherently, and in order to secure it, a lot of medical organizations choose to implement very strict network rules, basically denying any kind of attacker from accessing their devices. Now, because we exploit the actual router that might actually block and drop the packets from the internet, the exposed internet, we are now able to access an internal network that is very internal and only contains devices, and that way we can interact with networks and devices we are not supposed to. And that puts a lot of risk, because these networks are not protected, sometimes not even monitored. They are sitting somewhere basically not exposed. However, by abusing the vulnerabilities, we are able to expose them and attack them through the internet without requiring direct access, which is pretty cool.

Keri Stephens (04:13):

No, very cool. Yeah. So how did your research findings not only impact the routers but also the cloud-based device management platform used in healthcare settings?

Noam Moshe (04:25):

So we identified some actual architecture flaws, meaning we not only found some vulnerabilities in a specific device or in the cloud platforms, although we did find some of these. We also found flaws within the architecture itself, meaning how devices connect, authenticate, and basically exchange messages with the cloud. And because we identified this architecture flaw, it means that basically we found flaws in the architecture and the infrastructure of ConnectedIO’s cloud. Along with that, we managed to basically gain access to actual patient, not patient, but customer information, meaning all of the information that the devices are sending to the cloud, we were able to see, meaning we are able to use and see the customer information of the connected devices, as well as actually we managed to identify some vulnerabilities that allow us to fully take over ConnectedIO’s cloud, meaning we’re able to execute code on their cloud servers.

Keri Stephens (05:29):

So with ConnectedIO providing firmware updates to address these vulnerabilities, what steps can healthcare organizations take to make sure their connected devices are secure post-update?

Noam Moshe (05:43):

Yep. So like you’ve said, ConnectedIO has done something pretty amazing, and that shows their care for their customers, because they actually worked with us and fully fixed all of the vulnerabilities we identified. And because of that, they made sure that all of their customers are safe and are no longer vulnerable. In regards to how you can protect yourselves in front of this kind of attack, I believe the most important thing is knowing what kind of devices you have. If we’re talking about the medical network, a lot of the time the network admins are not even aware of all the different kinds of IoT devices that are connected to their network and might introduce basically exposure and risk. So that’s the most critical stuff: defining and understanding what devices are on your network and how you can protect against those rogue devices that might be compromised by attackers.

Keri Stephens (06:54):

I mean, it seems to me that all of this kind of starts from the beginning with the medical device manufacturers. So how do you want to address medical device manufacturers about making sure that their devices are secure before they put them out there?

Noam Moshe (07:07):

So I see an increase in the industry of security. I mean, companies, especially medical companies, understand the inherent risk of vulnerabilities in their products, and they put more and more effort and put the products into more tests and more quality assurance and vulnerability researchers, et cetera, to make sure that the customers themselves, which might involve actual real-life patients and might have physical damages, they want to ensure they are safe. And we are seeing an increase in the world of medical devices in regards to security concerns. However, I believe the most important stuff is being more transparent and working with the industry and allowing people to test their devices. And we are seeing an increase of medical companies allowing us and other companies to work with them and basically present them vulnerabilities we find, and I believe this is a critical step into making sure that the entire industry is safer.

Keri Stephens (08:17):

I know we do a salary survey every year, and it kind of just looks at the whole industry, and the people tell us the thing they’re most concerned with, other than the aging out of the biomed field, is cybersecurity. I mean, that is always what these HTM professionals are telling us, but I don’t always think that the general public knows how insecure some of their medical devices are. So can you just talk about that? Should people be as concerned as a lot of the HTM professionals are about this? I mean, is it really that big of a deal?

Noam Moshe (08:54):

Well, I think we are seeing more focus on cyber medical attacks, because when we’re talking about cyber medical attacks, we’re talking about physical damages, physical actual damages that could involve actual human lives, or even when we’re talking about data leakage, it is very, very sensitive data that should never be exposed. And we are seeing an increase in attacking groups and different kinds of hackers or ransomware gangs that are targeting the medical field. In the past, I believe that this field was less focused on, which actually allowed it to be less secure, and we are seeing a lot of less secure, less encrypted, less security-focused devices and protocols in the medical industry. And it is very concerning. However, I think the field is moving in the right direction, however, not fast enough, and it needs to move faster to make sure that no actual damages could occur.

Keri Stephens (10:06):

Is there anything we didn’t cover that you want to tell our audience who are members of the HTM field?

Noam Moshe (10:13):

I believe the hardest part is understanding the risk, because you are never aware of what is running on your network and what is running under the hood. I mean, I’m buying a router, for example. I am not sure what’s actually running there behind the plastic. And that is a very major security concern, because it might be compromised and I’ll never know it. In order to remedy this risk, we must basically expand our security posture and build security in layers, meaning we must do proper network hygiene and say, if this kind of device or this edge router might be compromised, how am I protecting my network and making sure that all of my patients and all my customers are safe? I believe it needs to be built in layers, meaning, let’s say this thing is compromised, how am I basically covering it in another field? And that’s the only way of making sure your security posture itself is very robust and protected against all of these kinds of attacks.

Keri Stephens (11:30):

Well, thank you. Thank you so much, Noam. And to our listeners, be sure to check out 24x7mag.com for more information. Thank you. Take care.