IoT device(s) exposed
What has been found
An Internet of Things (IoT) device, {name}, was found exposed to the internet. IoT devices often have vulnerabilities in their firmware and are rarely designed to be directly accessible from external networks, making them a high-risk entry point for attackers.
Why this is a potential risk
IoT devices are notorious for vulnerabilities in their firmware and are rarely designed to be exposed directly to the internet, which makes them an attractive entry point for attackers.
Once exposed, such services can be used as entry points for attacks such as ransomware, data exfiltration, or unauthorized access. Best practice is to restrict these services to trusted internal networks.
Potential solutions/Improvements
- Restrict access: Update firewall rules and access control lists to block internet access to IoT devices.
- Segmentation: Place IoT devices on isolated network segments to prevent lateral movement in case of compromise.
- Patch and maintain: Regularly update firmware and follow vendor security recommendations.
- Secure configurations: Enable strong authentication and encryption where possible. Disable default credentials and unnecessary services.
- Monitor and log: Continuously monitor network traffic to and from IoT devices for abnormal behaviour.
How to verify it is resolved:
- Perform an external vulnerability scan to confirm the IoT device is no longer exposed to the internet.
- Audit firewall rules and network segmentation to ensure only authorised internal access is allowed.
- Test any required remote access to verify it enforces strong authentication and encrypted communications.
- Review device and network logs for unusual access attempts or traffic patterns.
- Conduct periodic penetration tests to validate that IoT devices remain isolated from external networks.
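
The firewall-rule audit step above can be automated against an exported ruleset. The following is an added example, not part of the original page: the `Rule` model, the first-match-wins evaluation, and all addresses are constructed assumptions (IPv4 only), so adapt the parsing to your firewall's actual export format.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:                      # hypothetical, simplified rule model
    action: str                  # "allow" or "deny"
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    port: Optional[int] = None   # None means any port

def _covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching `inner` also matches `outer`."""
    return (ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and (outer.port is None or outer.port == inner.port))

def exposed_rules(rules, iot_net, trusted_nets):
    """Return allow rules that let untrusted sources reach the IoT segment.

    Rules are evaluated in order (first match wins), so an allow rule that
    is fully covered by an earlier deny is not reported.
    """
    iot = ip_network(iot_net)
    trusted = [ip_network(n) for n in trusted_nets]
    findings = []
    for i, rule in enumerate(rules):
        if rule.action != "allow" or not ip_network(rule.dst).overlaps(iot):
            continue
        if any(ip_network(rule.src).subnet_of(t) for t in trusted):
            continue             # source is an authorised internal network
        if any(r.action == "deny" and _covers(r, rule) for r in rules[:i]):
            continue             # shadowed by an earlier deny
        findings.append(rule)
    return findings

# Constructed sample ruleset: IoT segment 10.20.0.0/24, management VLAN 10.0.5.0/24
IOT_NET, TRUSTED = "10.20.0.0/24", ["10.0.5.0/24"]
RULES = [
    Rule("allow", "10.0.5.0/24", "10.20.0.0/24", 443),  # internal management
    Rule("deny",  "0.0.0.0/0",   "10.20.0.0/24", 23),   # block telnet from anywhere
    Rule("allow", "0.0.0.0/0",   "10.20.0.10/32", 23),  # shadowed by the deny above
    Rule("allow", "0.0.0.0/0",   "10.20.0.10/32", 80),  # internet-reachable: finding
    Rule("allow", "0.0.0.0/0",   "10.30.0.0/24", 443),  # different segment
]

if __name__ == "__main__":
    for r in exposed_rules(RULES, IOT_NET, TRUSTED):
        print("EXPOSED:", r)
```

An empty result from the rule audit does not replace the external scan, since NAT or port-forwarding configured elsewhere can still expose the device.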