Advertisement

Lexumo Warns Customers of Vulnerable IoT Devices

By on

data discovery x300Per PRNewswire, Lexumo, developer of the world’s first automated service for continuously monitoring Internet of Things (IoT) code for critical open source vulnerabilities, today announced that its cloud-based platform has been constantly protecting customers from the SSHowDowN vulnerability (CVE-2004-1653) – well prior to Akamai’s recent announcement.

Akamai reports that hackers are now exploiting the 12-year old OpenSSH vulnerability to mount mass-scale attacks from millions of compromised IoT devices, including routers, cable modems, satellite TV equipment, and IP-connected cameras, DVRs and NAS (Network Attached Storage) devices. The attacks create unauthorized SSH tunnels which are then used to route malicious traffic against victim sites while hiding the attackers’ identities. Attackers also use the devices as beachheads to launch internal attacks against corporate networks.

Lexumo uses graph analytics and machine learning developed for DARPA to precisely identify public vulnerabilities such as Heartbleed, Shellshock (Bashdoor), and SSHowDowN in IoT code. The platform also provides detailed instructions for remediating vulnerabilities in order to avoid their exploitation by cyberattackers. The company was recently recognized as an IoT Company to Watch and a Machine Learning Startup to Watch.

“Cyberattackers look for the path of least resistance – and vulnerabilities that have been around for years are a great place to start,” said Richard Carback, PhD, co-founder and Chief Architect at Lexumo.

Read more at PRNewswire.

Leave a Reply