One firmware analysis of popular OT/IoT routers in parts of ASEAN suggests some trends in risk exposure levels embedded in firmware

Based on Dec 2023 analyses of firmware images from 39 manufacturers of OT/IoT network equipment available on the internet*, a cybersecurity firm has announced its findings about routers used in operational technology (OT) and IoT systems.

First, the analyzed images contained outdated software components that were linked to existing (“n-day”) vulnerabilities. The “popular” OT/IoT router firmware images analyzed had an average of 20 exploitable n-day vulnerabilities affecting the kernel, with widening security gaps. 

Second, based on extrapolations of the market reach of the manufacturers of the analyzed firmware images, the firm asserts there are 22m exposed devices in the ASEAN region, with those in Singapore being the most exposed OT/internet connection sharing devices (and the highest percentage of exposed IT devices), followed by those in Vietnam, Thailand, Malaysia and Indonesia. The disclaimer is that countries with the most exposed devices in the analysis were not necessarily the most compromised.

Third, in terms of compromised/malicious IP addresses, the rankings for the four relevant ASEAN router manufacturers in the analysis were, in descending order, Vietnam (31.89%), Thailand (20.86%), Indonesia (18.28%) and Singapore (11.79%).

Fourth, a key finding was that there has been a decline in routers being released with default login credentials (such as ID: admin, PW: admin). However, there were numerous issues of custom patching by vendors that “do not change component versions and create confusion about what is actually vulnerable.”

According to Barry Mainz, CEO, Forescout, the firm that publicized the commissioned analysis: “To effectively mitigate risks in an environment increasingly dominated by OT and Internet of Things, we need a comprehensive asset inventory that identifies crucial details through both passive and active methods. Integrating this data with Software Bills of Materials helps us deliver targeted risk information and enforce security measures essential for protecting our digital infrastructure.”

*a total of 290 firmware images narrowed down to include only devices that function as cellular routers, have firmware images that can be automatically analyzed, and are relatively popular (based on results from the Shodan search engine). From this refined list, five firmware images were shortlisted.