Relay Addresses the Recent Cybersecurity Vulnerability in Surveillance and Security Cameras market; 100 Million Connected Devices Susceptible to Remote Hijacking
Relay Medical Corp. (RYMDF) highlighted a critical cybersecurity vulnerability in Hikvision's surveillance cameras impacting over 100 million connected devices. Hikvision, which controls approximately 40% of the global market, has a vulnerability score of 9.8, signifying a major risk. Companies like Toshiba, Honeywell, and Panasonic are affected, as Hikvision components are often rebranded. Cybeats offers solutions to fortify device security, advocating for Software Bills of Materials (SBoM) to manage vulnerabilities effectively. The rise of IoT cyber attacks, reported by Kaspersky to have doubled in 2021, reinforces the urgency of addressing such vulnerabilities.
- Cybeats provides active defense solutions targeting Hikvision vulnerabilities.
- Cybeats offers SBoM management to enhance product security.
- Growing demand for cybersecurity solutions in the IoT sector, valued at $73 billion.
- Over 100 million devices are potentially vulnerable due to Hikvision’s admitted flaws.
- Vulnerability could lead to significant risks for companies using Hikvision cameras.
- Hikvision's status as a PRC government-owned entity raises compliance concerns.
TORONTO, Sept. 24, 2021 /PRNewswire/ - Relay Medical Corp. ("Relay" or the "Company") (CSE: RELA) (OTCQB: RYMDF) (Frankfurt: EIY2) addresses a recent revelation about the widely-used Hikvision1, a Chinese state-owned surveillance and connected security camera manufacturer, whereby a critical vulnerability was discovered in more than 100 million connected devices currently operational in the market.
The Hikvision vulnerability affects dozens of IoT device companies, including devices affiliated with brands such as Toshiba, Honeywell, Panasonic, Hyundai and Hitachi.2 Hikvision owns approximately
"Recent Hikvision news demonstrates a widespread problem of software weaknesses and vulnerabilities that are hidden in the software components of connected products this is meant to be addressed by NTIA (National Telecommunications and Information Administration) and its SBoM software transparency initiative. It's another example of why software and hardware companies need to have internal product security hygiene and processes in place that provide a singular, transparent view into all their products. Cybeats offers holistic supply chain security starting from the design phase, while also continuously assessing, monitoring and eliminating threats in real-time of critical operating devices," said Dmitry Raidman, CTO and Co-founder of Cybeats.
Cybeats Provides Preventative Solutions
Cybeats products directly address the Hikvision vulnerability by providing secure by design and SBoM management capabilities, and we recommend:
A) Product vendors and manufacturers to start integrating SBoM generation in their processes earlier in manufacturing and development stages
B) Product consumers should start requesting the SBoMs for products they procure and resell, including any white labeled devices such as currently vulnerable Hikvision security products
C) Both manufacturers and consumers will need to start utilizing SBoM for various security and compliance use-cases, as regulatory mandates on software & SBoM are a widespread requirement
Malwarebytes5 identified that Original Equipment Manufacturers (OEMs) rebrand Hikvision cameras and sell them as their own. It could take quite some time before all of these other potentially vulnerable devices are identified. Hikvision is PRC government-owned6 but banned by the US-government7. It is the world's largest video surveillance manufacturer and a generally hidden supply chain to many Western companies. Given the deployment of these cameras at sensitive sites, critical infrastructure is potentially at risk.
Cybeats Provides Active Defense Solutions
Having the Cybeats agent integrated into a connected device, such as those affected by this Hikvision vulnerability, would have provided real-time actionable protection to affected brands that were identified by ipvm8, such as Toshiba, Honeywell, Panasonic, Hyundai and Hitachi. Cybeats supports manufacturers (such as surveillance and security camera companies) to build connected devices with security in mind, beginning in the design phase throughout the product life-cycle. Lastly, Cybeats IoT RASP capabilities can provide actionable data about the device's operating state, and allow for threat elimination in real-time as new attacks emerge. Once a device vulnerability is found, Cybeats's SBOM Studio can provide insight into which devices are affected, and which to recall or which to provide a firmware update. This provides manufacturers with fleet management tools along with efficient and accurate firmware updates to the affected devices.
Other Recent Cyber Attacks
IoT cyber attacks have escalated in 20219, according to Kaspersky10. IoT cyberattacks more than doubled with roughly 1.5 Billion IoT attacks occurring from January to June 2021. The study was conducted using software honeypots11, which emulate IoT devices as a proxy for vulnerable hardware endpoints. The findings also confirm that the pandemic has exacerbated IoT vulnerabilities by prolonging device usage in household settings. Many of these devices – whether intended for enterprise or personal use – lack adequate security protocols.12
This Hikvision vulnerability news also follows the breach of Tesla13 security cameras, which came along with the hacking of jails and hospitals. The live feeds and data of 150,000 surveillance cameras, collected by Silicon Valley startup Verkada Inc., were breached in March 2021.14Vulnerabilities like these can result in significant service disruptions, as exemplified in the Mirai botnet attack15 from 2016 whereby the hackers used a botnet of IoT devices including webcams, routers, and DVRs to 'take down' the internet in North America for multiple days. Many prominent corporations, including CNBC, Amazon, Twitter, Netflix, Spotify, and Paypal, experienced outages of their website and client server issues, causing shutdowns and service delays lasting several hours.16
RECENT NEWS: Relay shares the highlights from their Cybeat's SBoM webinar, where notable NTIA past and present employees, Allan Friedman and Tom Alrich, respectively, participate in the discussion about the State of Cybersecurity. The highlights and YouTube recording can be found here: https://bit.ly/3hZTh82.
SUBSCRIBE: For more information on Relay or to subscribe to the Company's mail list visit: https://www.relaymedical.com/news.
About Relay Medical Corp.
Relay Medical is a technology innovator headquartered in Toronto, Canada focused on the development of novel solutions in the diagnostics, AI data science and IoT security sectors. Relay recently acquired Cybeats Technologies, a platform which offers a holistic approach to cybersecurity and addresses the
The Company held a Special Meeting to approve a Name Change on September 20, 2021 as the Company's core competencies and product offerings have organically grown beyond the medical device industry, and this expansion into new industries and businesses will be reflected in the Name Change. The Company's new name will more aptly and effectively communicate the business and its commercial verticals.
Website: www.relaymedical.com
Forward-looking Information Cautionary Statement
Except for statements of historic fact, this news release contains certain "forward-looking information" within the meaning of applicable securities law. Forward-looking information is frequently characterized by words such as "plan", "expect", "project", "intend", "believe", "anticipate", "estimate" and other similar words, or statements that certain events or conditions "may" or "will" occur. Forward-looking statements are based on the opinions and estimates at the date the statements are made, and are subject to a variety of risks and uncertainties and other factors that could cause actual events or results to differ materially from those anticipated in the forward-looking statements including, but not limited to delays or uncertainties with regulatory approvals, including that of the CSE. There are uncertainties inherent in forward-looking information, including factors beyond the Company's control. There are no assurances that the commercialization plans for the technology described in this news release will come into effect on the terms or time frame described herein. The Company undertakes no obligation to update forward-looking information if circumstances or management's estimates or opinions should change except as required by law. The reader is cautioned not to place undue reliance on forward-looking statements. Additional information identifying risks and uncertainties that could affect financial results is contained in the Company's filings with Canadian securities regulators, which filings are available at www.sedar.com.
View original content to download multimedia:https://www.prnewswire.com/news-releases/relay-addresses-the-recent-cybersecurity-vulnerability-in-surveillance-and-security-cameras-market-100-million-connected-devices-susceptible-to-remote-hijacking-301384533.html
SOURCE Relay Medical Corp.
FAQ
What is the cybersecurity vulnerability in Hikvision cameras reported by Relay Medical?
How does Cybeats address the Hikvision vulnerability?
What companies are impacted by the Hikvision vulnerability according to Relay Medical?
What is Hikvision's market share in the global surveillance market?