IoT gateway provider Libelium’s Meshlium Manager System had web vulnerabilities, which were open to Mirai-style botnet attacks. Libelium said it has corrected the faults.
The Meshlium Manager System receives data from sensors and forwards the information directly to the Internet. The gateway is used for multiple IoT deployments including air and water monitoring of gas leaks, early flood detection, vegetable production and monitoring water quality to reduce pollution. According to Kaspersky, the number of malicious programs attacking the IoT has more than doubled in the last year.
“Hacked IoT devices can be used for DDoS attacks, channeling the combined power of lots of, say, Wi-Fi routers to flood and cripple a server,” the security firm writes in a blog.
“That was exactly what the infamous Mirai botnet did, for example, when it took down dozens of the world’s largest Web services nearly a year ago.”
An IoT gateway is not only supposed to link sensors with cloud servers, but it is supposed to provide an additional layer of security. With these vulnerabilities, data was at risk of being compromised. The issues were flagged by IBM. Libelium has confirmed it “took action instantaneously”, detecting the vulnerabilities and releasing a software update on August 1.
Patches were updated for cloud connections such as Amazon IoT, Cumulocity, Plasmacomp, Symphoni and Telit.
Examples of Amazon Web Services IoT customers include Hello Fresh, Go Pro, Kemppi, Siemens and Centratech Systems.
“Any device can be vulnerable,” CTO David Gascon comments. “It is very important to continually test and develop the patches needed urgently to give confidence to users acting quickly.”
In a statement, the company thanked IBM for its contribution in finding the vulnerabilities. A new firmware update that solves the code injection problem is already available: Meshlium Manager System v4.0.9 (for current Meshlium generation) and Meshlium Manager System v3.2.9 (for the previous Meshlium generation).
Meanwhile, Libelium has launched a new industrial line of IoT kits to automate controllers and metres. Used for factory automation, industrial networking and even military uses, the Waspmote kits have been designed to meet rising demand of industrial related projects in 2018.