Mars Hydro, a Chinese company that manufactures IoT devices such as LED lights and hydroponic equipment, has just suffered a serious data breach.
Security researcher Jeremiah Fowler discovered an unprotected database containing nearly 2.7 billion records from Mars Hydro. The records include Wi-Fi network names, passwords, IP addresses, device numbers, and more.
Users of Mars Hydro products should be made aware of the risks of having their Wi-Fi network details compromised. There is also a national security risk if the information falls into the wrong hands.
Many of the products are controlled by Internet-connected devices like smartphones, and information about them was also included in the breach, Fowler said.
It is unclear whether the database is managed or owned directly by Mars Hydro and LG-LED Solutions, or through a third party.
Fowler cited a previous report estimating that 57% of IoT devices were rated as highly vulnerable to attack and that 98% of data transmitted through these devices was unencrypted.
According to experts, the worst-case scenario is that the information is used for surveillance, man-in-the-middle attacks, network mapping and critical infrastructure...
While there is no evidence that bad actors have accessed the database, there are concerns that the information could be accessed and used for intelligence or surveillance purposes.
The information could potentially lead to unauthorized access to a device’s Wi-Fi network remotely, the researcher said. Nokia recently reported that the number of IoT devices participating in botnet-based DDoS attacks increased by 500% in the past 18 months and accounted for 40% of DDoS traffic.
To minimize the risk, administrators need to ensure that default passwords are changed and strong, unique passwords are set. In addition, software needs to be updated regularly to avoid attacks and exploits.
(According to TechRadar)
Source: https://vietnamnet.vn/cong-ty-trung-quoc-lam-lo-2-7-ty-ho-so-tren-mang-2371494.html
Comment (0)