getonscoop 
- An IoT firm has suffered a major data breach, experts warn
- The leak exposed a Mars Hydro databse containing almost 2.7 billion records
- The records were primarily comprised of WiFi and network device information
Mars Hydro, a Chinese firm which produces a range of Internet of Things (IoT) devices such as LED lights and hydroponics equipment, has suffered a massive data breach after an unprotected database containing nearly 2.7 billion records was discovered online.
Security researcher Jeremiah Fowler identified the non-password protected database, which included WiFi network names, passwords, IP addresses, device numbers, and more.
Users of these products should be aware that there may be a risk of the details of their WiFi networks being compromised, and there could be national security implications if the information falls into the wrong hands. Although the researcher doesn’t suggest any personally identifiable information was exposed, users should still understand the risks, here’s what we know.
Vulnerable devices
Many of the products are controlled by internet connected devices (like smartphones), and information about these was included in the breach. It’s not yet clear whether the database is managed or owned directly by Mars Hydro and LG-LED SOLUTIONS, or whether this was run through a third party contractor.
There are privacy and device security concerns and, as Fowler points out, a previous report estimated that ‘57% of IoT devices were considered highly vulnerable, and 98% of data transmitted by these devices is unencrypted.’
“The hypothetical worst case scenario would be if this information was used for surveillance, man-in-the-middle (MITM) attacks, mapping of networks and critical infrastructure, or other potential misuse” Fowler said.
Whilst there was no evidence of threat actors accessing the breached data, there is a concern that the information could be accessed by foreign governments and used for ‘surveillance or intelligence gathering’ purposes.
“I am not stating nor implying that these companies are engaged in any of these activities or that their users are at risk” Fowler continued.
“I am not claiming that just because an application was made in China or has Chinese ownership there is an imminent risk. I am only highlighting what data is collected and how it could be a potential security risk in the wrong hands.”
IoT devices have been targeted before, particularly by botnet attacks, which have risen 500%, and are an escalating issue. Known software flaws or easy to break passwords are found within a network. Once a device is compromised, this can lead to a botnet of compromised devices, which can be used to spread malware, launch DDoS attacks or infiltrate critical systems.
Data breach complications
In this dataset, the research describes seeing “a massive amount of exposed SSID names, passwords, MAC addresses, and user IP addresses that could potentially allow unauthorized remote access to the device’s Wi-Fi network.”
This means the exposed credentials could theoretically allow an attacker to connect to the network and compromise other devices. Nokia recently reported IoT devices engaged in botnet-driven DDoS attacks have increased 500% over the past 18 months and now make up 40% of all DDoS traffic.
To mitigate the risks, admins should first be sure to immediately change any default passwords. The passwords the IoT tools come with are often shared across fleets of the same device – unchanged passwords might mean hackers already have access.
A strong, unique password is essential for any device, and we’ve put together a list of tips for creating a secure and safe password if you need any advice.
Another important consideration is strengthening your software. Patch management is crucial, integral to your vulnerability management program, and staying up to date gives you an extra layer of protection from zero-day exploitation.
Last but not least, be proactive. Complacency and weak backend safeguards are what hackers count on, so closely monitoring for suspicious behavior segmenting networks, and consolidating endpoint management with a unified console can all help keep you protected.
We’ve put together a guide for admins, if you want to see some more detailed advice.
