Iskra Smart Meter Snafu: Remote Hackers Welcome, No Password Required!
Iskra iHUB and iHUB Lite devices are so friendly, they welcome everyone—including hackers. With no authentication needed, remote attackers can party with your smart meters. But don’t fret, CISA has your back with some solid advice: update those VPNs and keep your networks secure, because even hackers appreciate good hospitality!

Hot Take:
It looks like Iskra’s iHUB got caught with its digital pants down! With a vulnerability that opens the gates to remote reconfiguration and firmware updates, this is a hacker’s dream come true. It’s like leaving the keys in the ignition of your car with a sign saying “please steal me.” I guess Iskra decided to go on a digital diet and cut out authentication altogether. Who knew going password-less could be so exciting? Let’s hope they get their act together before the hackers decide to have a field day with their systems.
Key Points:
- Iskra’s iHUB and iHUB Lite devices are vulnerable due to missing authentication for critical functions.
- The vulnerability holds a CVSS v4 score of 9.3, making it a high-severity issue.
- Exploitation could allow unauthorized remote access to reconfigure devices or update firmware.
- The issue affects all versions of these smart metering gateways and data concentrators.
- Iskra has not responded to mitigation requests, leaving users to fend for themselves.
