IBM Says Flaw in Millions of Wireless IoT Modules Make Medical Devices, Smart Meters, etc. Defenseless to Cyberattacks

By B.N. Frank

Security expert warnings about Internet of Things (IoT) go back several years. Examples of past and recent hacks seem endless (see 1, 2, 3). Due to ongoing failures and “planned obsolesce,” this technology is also a huge source of toxic E-Waste which isn’t being recycled.

Regardless, it continues to be installed by businesses and communities (see 1, 2) as well as by medical device manufacturers. More flaws exposing life threatening vulnerability – including utility “Smart” Meters and insulin pumps – were reported recently by IBM.

From Bank Info Security:

IBM Finds Flaw in Millions of Thales Wireless IoT Modules

Insulin Pumps Could Be Manipulated and Smart Meters Could Be Wrecked, IBM Warns

A problem found in certain communication modules leaves many wireless medical devices vulnerable to cyberattacks if left unpatched, reports Bank Info Security.

A patching effort has been underway for six months to upgrade Thales wireless communication modules that are embedded in millions of IoT devices, including smart meters and insulin pumps. Left unpatched, a vulnerability in the modules could allow attackers to control devices, IBM warns.

A patching effort has been underway for six months to upgrade Thales wireless communication modules that are embedded in millions of IoT devices, including smart meters and insulin pumps. Left unpatched, a vulnerability in the modules could allow attackers to control devices, IBM warns.

Read full article

Become an Activist Post Patron for $1 per month at Patreon.

In fact, according to an article from Security Intelligence, IBM’s hackers knew of vulnerabilities as far back as September, 2019:

However, in September 2019, X-Force Red discovered a vulnerability in Thales’ (formerly Gemalto) Cinterion EHS8 M2M module used in millions of internet-connected devices over the last decade. After further testing, Thales confirmed that this vulnerability affects other modules within the same product line of the EHS8 (BGS5, EHS5/6/8, PDS5/6/8, ELS61, ELS81, PLS62), further expanding the potential impact of this vulnerability. These modules are mini circuit boards that enable mobile communication in IoT devices.

More importantly, they store and run Java code often containing confidential information like passwords, encryption keys and certificates. Using information stolen from the modules, malicious actors can potentially control a device or gain access to the central control network to conduct widespread attacks – even remotely via 3G in some cases. Using this flaw, attackers could potentially instruct smart meters to knock out a city’s electricity or even overdose a medical patient, as long as the devices responsible for these critical functions are using an unpatched module exposed to an attacker, for example, over the 3G/4G connection this module enables.

Since tens of millions of electric, gas and water “smart” meters have been installed by utility companies worldwide, they are probably already installed on your home or they will be soon. These meters are plagued with problems – however – unlike original analog meters they allow utilities to collect customer usage data 24/7. This data is analyzed to market more products to customers and/or sell to 3rd parties.

Activist Post Recommended Book: The Age of Surveillance Capitalism

Experts have always warned that wireless and “smart” devices are vulnerable to surveillance and data collection by the manufacturers themselves (see 1, 2, 3, 4, 5) as well as hackers who may also wreak additional havoc via theft and/or setting devices on fire.

Wired connections have always been more secure. They also significantly reduce harmful Electromagnetic Radiation emissions which an increasing number of medical experts – including the World Health Organization – continue to warn is very bad for our health in all kinds of undesirable ways in addition to increased cancer risk.

Activist Post reports regularly about unsafe technology. For more information visit our archives.

Become a Patron!

Subscribe to Activist Post for truth, peace, and freedom news. Send resources to the front lines of peace and freedom HERE! Follow us on SoMee, HIVE, Parler, Flote, Minds, and Twitter.

Provide, Protect and Profit from what’s coming! Get a free issue of Counter Markets today.


Activist Post Daily Newsletter

Subscription is FREE and CONFIDENTIAL
Free Report: How To Survive The Job Automation Apocalypse with subscription

Be the first to comment on "IBM Says Flaw in Millions of Wireless IoT Modules Make Medical Devices, Smart Meters, etc. Defenseless to Cyberattacks"

Leave a comment