The recently discovered cyber vulnerability in Apache Log4j, a widely used open source Java software package, has created a need for organizations to urgently assess and remediate this vulnerability across all their systems, including IoT devices. This blog highlights why there must be a rapid response to this cyber threat, how Viakoo is addressing this with its own systems and products, and how your organization can leverage automated device firmware management to quickly eliminate the threat of IoT devices being breached by the Log4j vulnerability. This vulnerability can be exploited on IoT applications devices as well as traditional IT applications and devices. Many IoT devices use Java and the Apache Log4j component, which can be deeply embedded in the software stack used by the device. When exploited, this vulnerability allows an attacker to run arbitrary code on the device, giving full control over to the attacker. Once under control by a threat actor, the risk from a breached IoT device can be devastating; imagine the impact from changing the chemical balance in a municipal water supply, replacing real camera footage with deepfakes, or disrupting transportation systems. These dangers require immediate attention and action. From when this vulnerability was announced Viakoo’s security team immediately commenced an investigation of its software and systems and has found no evidence of compromise. Viakoo is certified to the SOC-2 Type 2 standard, which means that the security our systems has been validated by third party auditors and that we have ongoing processes and controls in place to prevent breaches or other methods of compromising our systems.
