Relay Addresses the Recent Cybersecurity Vulnerability in Surveillance and Security Cameras market; 100 Million Connected Devices Susceptible to Remote Hijacking

PR Newswire ·  2021/09/24 15:08

TORONTO, Sept. 24, 2021 /PRNewswire/ - Relay Medical Corp. ("Relay" or the "Company") (CSE: RELA) (OTCQB: RYMDF) (Frankfurt: EIY2) addresses a recent revelation about the widely-used Hikvision[1], a Chinese state-owned surveillance and connected security camera manufacturer, whereby a critical vulnerability was discovered in more than 100 million connected devices currently operational in the market.

The Hikvision vulnerability affects dozens of IoT device companies, including devices affiliated with brands such as Toshiba, Honeywell, Panasonic, Hyundai and Hitachi.[2] Hikvision owns approximately 40% of the global surveillance and security camera market.[3] Hikvision has admitted a 9.8 vulnerability score, which is "the highest level of critical vulnerability" and is estimated to impact more than 100 million connected devices operating in the market.[4]

"Recent Hikvision news demonstrates a widespread problem of software weaknesses and vulnerabilities that are hidden in the software components of connected products. This is meant to be addressed by NTIA (National Telecommunications and Information Administration) and its SBoM software transparency initiative. It's another example of why software and hardware companies need to have internal product security hygiene and processes in place that provide a singular, transparent view into all their products. Cybeats offers holistic supply chain security starting from the design phase, while also continuously assessing, monitoring and eliminating threats in real-time of critical operating devices," said Dmitry Raidman, CTO and Co-founder of Cybeats.

Cybeats Provides Preventative Solutions

Cybeats products directly address the Hikvision vulnerability by providing secure by design and SBoM management capabilities, and we recommend:

A) Product vendors and manufacturers should start integrating SBoM generation into their processes earlier, in the manufacturing and development stages

B) Product consumers should start requesting the SBoMs for products they procure and resell, including any white labeled devices such as currently vulnerable Hikvision security products

C) Both manufacturers and consumers will need to start utilizing SBoM for various security and compliance use-cases, as regulatory mandates on software & SBoM are a widespread requirement

Malwarebytes[5] identified that Original Equipment Manufacturers (OEMs) rebrand Hikvision cameras and sell them as their own. It could take quite some time before all of these other potentially vulnerable devices are identified. Hikvision is PRC government-owned[6] but banned by the US government[7]. It is the world's largest video surveillance manufacturer and a generally hidden supply chain to many Western companies. Given the deployment of these cameras at sensitive sites, critical infrastructure is potentially at risk.

Cybeats Provides Active Defense Solutions

Having the Cybeats agent integrated into a connected device, such as those affected by this Hikvision vulnerability, would have provided real-time actionable protection to affected brands that were identified by ipvm[8], such as Toshiba, Honeywell, Panasonic, Hyundai and Hitachi. Cybeats supports manufacturers (such as surveillance and security camera companies) in building connected devices with security in mind, beginning in the design phase and continuing throughout the product life-cycle. Lastly, Cybeats IoT RASP capabilities can provide actionable data about the device's operating state, and allow for threat elimination in real-time as new attacks emerge. Once a device vulnerability is found, Cybeats's SBOM Studio can provide insight into which devices are affected, and which to recall or which to provide with a firmware update. This provides manufacturers with fleet management tools along with efficient and accurate firmware updates to the affected devices.

Other Recent Cyber Attacks

IoT cyber attacks have escalated in 2021[9], according to Kaspersky[10]. IoT cyberattacks more than doubled with roughly 1.5 billion IoT attacks occurring from January to June 2021. The study was conducted using software honeypots[11], which emulate IoT devices as a proxy for vulnerable hardware endpoints. The findings also confirm that the pandemic has exacerbated IoT vulnerabilities by prolonging device usage in household settings. Many of these devices – whether intended for enterprise or personal use – lack adequate security protocols.[12]

This Hikvision vulnerability news also follows the breach of Tesla[13] security cameras, which came along with the hacking of jails and hospitals. The live feeds and data of 150,000 surveillance cameras, collected by Silicon Valley startup Verkada Inc., were breached in March 2021.[14] Vulnerabilities like these can result in significant service disruptions, as exemplified in the Mirai botnet attack[15] from 2016, whereby the hackers used a botnet of IoT devices including webcams, routers, and DVRs to 'take down' the internet in North America for multiple days. Many prominent corporations, including CNBC, Amazon, Twitter, Netflix, Spotify, and PayPal, experienced outages of their websites and client server issues, causing shutdowns and service delays lasting several hours.[16]

RECENT NEWS: Relay shares the highlights from its Cybeats SBoM webinar, where notable NTIA past and present employees, Allan Friedman and Tom Alrich, respectively, participate in the discussion about the State of Cybersecurity. The highlights and YouTube recording can be found here: https://bit.ly/3hZTh82.

SUBSCRIBE: For more information on Relay or to subscribe to the Company's mail list visit: https://www.relaymedical.com/news.

About Relay Medical Corp. 

Relay Medical is a technology innovator headquartered in Toronto, Canada focused on the development of novel solutions in the diagnostics, AI data science and IoT security sectors. Relay recently acquired Cybeats Technologies, a platform which offers a holistic approach to cybersecurity and addresses the $73 billion IoT security market through their Software Bill of Materials and microagent solution. Cybeats provides real-time cybersecurity for connected devices, critical infrastructure, automotive, medical and IoT (Internet of Things) sectors.

The Company held a Special Meeting to approve a Name Change on September 20, 2021 as the Company's core competencies and product offerings have organically grown beyond the medical device industry, and this expansion into new industries and businesses will be reflected in the Name Change. The Company's new name will more aptly and effectively communicate the business and its commercial verticals.

Website: www.relaymedical.com

Forward-looking Information Cautionary Statement

Except for statements of historic fact, this news release contains certain "forward-looking information" within the meaning of applicable securities law.   Forward-looking information is frequently characterized by words such as "plan", "expect", "project", "intend", "believe", "anticipate", "estimate" and other similar words, or statements that certain events or conditions "may" or "will" occur.   Forward-looking statements are based on the opinions and estimates at the date the statements are made, and are subject to a variety of risks and uncertainties and other factors that could cause actual events or results to differ materially from those anticipated in the forward-looking statements including, but not limited to delays or uncertainties with regulatory approvals, including that of the CSE.  There are uncertainties inherent in forward-looking information, including factors beyond the Company's control. There are no assurances that the commercialization plans for the technology described in this news release will come into effect on the terms or time frame described herein.  The Company undertakes no obligation to update forward-looking information if circumstances or management's estimates or opinions should change except as required by law.  The reader is cautioned not to place undue reliance on forward-looking statements.  Additional information identifying risks and uncertainties that could affect financial results is contained in the Company's filings with Canadian securities regulators, which filings are available at www.sedar.com.

_______________________

[1] https://us.hikvision.com/en

[2] https://ipvm.com/reports/hik-oems-dir

[3] https://www.forbes.com/sites/leemathews/2021/09/22/widely-used-hikvision-security-cameras-vulnerable-to-remote-hijacking/?sh=6e12f1502f31

[4] https://ipvm.com/reports/hik-oems-dir

[5] https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-now-insecure-hikvision-security-cameras-can-be-taken-over-remotely/

[6] https://ipvm.com/reports/hikvision-prc

[7] https://ipvm.com/reports/aug-13-2019

[8] https://ipvm.com/reports/hik-oems-dir

[9] https://www.iotworldtoday.com/2021/09/17/iot-cyberattacks-escalate-in-2021-according-to-kaspersky

[10] https://www.kaspersky.ca/

[11] https://www.kaspersky.com/resource-center/threats/what-is-a-honeypot

[12] https://www.iotworldtoday.com/2021/09/17/iot-cyberattacks-escalate-in-2021-according-to-kaspersky

[13] https://www.tesla.com/

[14] https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams

[15] https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/

[16] https://www.cnbc.com/2016/10/21/major-websites-across-east-coast-knocked-out-in-apparent-ddos-attack.html

SOURCE Relay Medical Corp.

Related Links

https://www.relaymedical.com/
