When Third-Party Maintenance Alters Your IoT Device to an Unsecured State

Configuration drift – when a good configuration changes due to error or attack – spells chaos for Internet of Things (IoT) environments. Maintaining a known good baseline for hundreds or thousands of devices may feel like a game of whack-a-mole. However, not every change is the result of a bad actor or a cyber attack. Sometimes, it’s a well-meaning third-party technician or even the device manufacturer itself, whose updates unintentionally introduce risk. For example, enabling additional network access (such as SNMP) to help diagnose a problem becomes a risk if it is accidentally left on afterwards. As organizations continue to rely on third-party maintenance and remote device management, especially in the sprawling world of IoT, unintended security setbacks are becoming an increasingly common problem.

IoT device security can be accidentally but significantly degraded in the name of maintenance, all without malicious intent. When this happens, organizations must detect the change quickly and return the device to its hardened, secure baseline before malicious actors find and exploit the window of opportunity. And given the volume of attacks, attackers may not even need to detect the change: the next regularly scheduled wave of attacks will simply be more successful, for no apparent reason.

Understanding the Risks of Third-Party Maintenance

IoT ecosystems often operate independently of traditional IT governance, leading to potential gaps in visibility, patching, and policy implementation. These “unmanaged” devices are often siloed, diverse, and operated by external vendors with varying levels of security oversight. From basic sensors to full-scale industrial platforms, the range of IoT devices introduces complexity and risk to any organization.

Over the past decade, third-party code and maintenance have become essential to device functionality. By 2020, the share of IoT products integrating third-party commercial code had risen from 17% in 2015 to 56%, highlighting its widespread use as connected devices exploded in popularity. While this has accelerated innovation, it’s also introduced unexpected challenges when updates are rolled out without full transparency or vetting. For example, a smart infusion pump might use a third‑party TCP/IP stack to handle network communication and adjust medication dosages in real time. If that stack contains a vulnerability, such as Ripple20, it could put the device at risk. Ripple20 was a set of 19 vulnerabilities discovered in a widely used third-party TCP/IP stack from Treck Inc. that impacted millions of IoT devices, including medical, industrial, and consumer devices.

While third-party vendors are often responsible for device maintenance, updates and patches can sometimes have unintended consequences. Firmware updates, remote patching services, or configuration changes can all inadvertently weaken IoT device security in several ways, including:

  • Reverting security settings to factory defaults
  • Disabling encryption or logging functions
  • Resetting passwords or access control rules
  • Opening previously closed ports or enabling unsafe services

These seemingly routine actions can cause a device’s configuration to drift from its hardened state.

Why Managing Third-Party Risk Is Non-Negotiable

When an update weakens a device’s security, the consequences can be severe. A single misconfigured device may serve as an entry point for attackers to infiltrate networks. Once a malicious actor has gained access to a network, they can disrupt operations, exfiltrate sensitive data, or even deploy ransomware.

Organizations should treat third-party access to IoT devices with the same level of scrutiny as any internal privileged user. Whether it’s a biomedical technician updating an infusion pump or a remote vendor patching a smart sensor, organizations need to verify the impact of every change and ensure devices remain secure post-maintenance. Potential device security issues from third-party updates include:

  • Insecure Credentials: Firmware updates may revert settings to factory defaults, removing customized security measures.
  • Vulnerabilities: Firmware updates may inadvertently introduce vulnerabilities if not thoroughly tested.
  • Access Controls: In some cases, third-party services might disable or weaken access control measures, enabling unauthorized users to gain control.

As a best practice, any IoT update, whether a firmware update or a patch for a critical vulnerability, should be thoroughly tested to ensure it will not compromise device security. An IoT security platform can help organizations and their vendors validate that an update is safe to deploy and will not result in configuration drift. Additionally, all IoT devices should be hardened to operate on a known good baseline configuration and should only communicate with other devices on the network in well-understood ways. This way, if a firmware update does result in a device drifting to a vulnerable state, internal teams can identify and re-harden the device.
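As an added example (not code from this page or from Asimily), the following Python script compares a device's captured configuration with its known good baseline and flags the kinds of drift listed above (services enabled, protections disabled, ports opened, credentials changed), ranking each change by whether it actually weakens the device. All configuration keys, values and the sample device state are constructed for illustration.

```python
# Added example (not Asimily's code): diff an IoT device's current settings
# against its hardened baseline and rank security-relevant drift.
# All keys, values and device data below are constructed for illustration.
# Baseline keys whose change can weaken the device: severity plus the kind of
# change that matters (service turning on, protection turning off, ports added).
SENSITIVE = {
    "services.snmp.enabled": ("high", "service_on"),
    "services.telnet.enabled": ("high", "service_on"),
    "tls.enforced": ("high", "protection_off"),
    "logging.remote_syslog": ("medium", "protection_off"),
    "auth.admin_password_hash": ("high", "any"),
    "network.open_ports": ("medium", "ports_added"),
}

def find_drift(baseline: dict, current: dict) -> list[dict]:
    """Return one finding per differing key: {key, baseline, current, severity}.
    Severity is "info" when the change does not weaken security."""
    findings = []
    for key in sorted(set(baseline) | set(current)):
        b, c = baseline.get(key), current.get(key)
        if b == c:
            continue
        severity, kind = SENSITIVE.get(key, ("info", "any"))
        # Changes in the safe direction (service off, protection on, ports
        # removed) are still drift worth recording, but not a weakening.
        if (kind == "service_on" and c is False) or \
           (kind == "protection_off" and c is True) or \
           (kind == "ports_added" and set(c or []) <= set(b or [])):
            severity = "info"
        findings.append({"key": key, "baseline": b, "current": c, "severity": severity})
    return findings

def needs_rehardening(findings: list[dict]) -> bool:
    """True when any finding weakens the device enough to restore the baseline."""
    return any(f["severity"] in ("high", "medium") for f in findings)

# Constructed sample: hardened baseline vs. the state after a maintenance visit.
BASELINE = {
    "services.snmp.enabled": False, "services.telnet.enabled": False,
    "tls.enforced": True, "logging.remote_syslog": True,
    "auth.admin_password_hash": "sha256:<baseline-hash-placeholder>",
    "network.open_ports": [443], "firmware.version": "2.3.1",
}
AFTER_MAINTENANCE = {**BASELINE,
    "services.snmp.enabled": True,   # left on after diagnostics
    "logging.remote_syslog": False,  # reset by the firmware update
    "network.open_ports": [443, 161],
    "firmware.version": "2.4.0",
}
```

Running `find_drift(BASELINE, AFTER_MAINTENANCE)` reports the firmware version bump as informational but the enabled SNMP service, disabled remote logging and newly opened port 161 as weakening changes, so `needs_rehardening` returns True.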

How to Revert to a Hardened State After a Third-Party Update

Configuration drift shifts a secure device into a vulnerable state, making it an ideal target for exploitation. Whether the drift occurred due to accidental changes or resulted from updates or patches that had insufficient testing, organizations must act quickly to restore secure operations.

Here’s how to respond when a third-party change alters your device’s baseline configuration:

  • Isolate the Affected IoT Device: Once you confirm the presence of ransomware, power down and disconnect any infected devices from the network to prevent the ransomware from spreading. 
  • Investigate and Identify Malicious Configuration Changes: Security teams should review logs for any indication of anomalous behavior or unauthorized access.
  • Restore to a Known Good Configuration: Restore the device’s configuration to its last known good state, ensuring all settings and credentials are secure.
  • Apply Missing Security Patches and Updates: After restoring the device configuration, check to ensure any outstanding security patches and updates are applied to the device to address any known vulnerabilities.
  • Monitor for Further Suspicious Activity: Once recovery is complete, monitor the device for any signs of lingering malware or unauthorized access.

Strengthening IoT Security Against Third-Party Configuration Drift

Limiting who can make changes to IoT devices is the first line of defense in the fight against configuration drift. However, this is less and less feasible for organizations using more and more specialized devices, where it is easier to rent manufacturer or third-party expertise than develop it in-house. What office today has a salaried printer maintainer, to pick an example from history?

Organizations should also leverage an IoT security platform to streamline device risk management. The right platform provides visibility into all connected devices, can alert on configuration drift in near real-time, and enables fast recovery by returning devices to their last known good state. Leveraging an IoT security platform also provides security teams with the resources to investigate, remediate, and re-harden devices before a full-scale security incident occurs.

Prevent Third-Party Security Risks With Asimily

Even trusted partners can introduce risk into your IoT ecosystem. Treating third-party maintenance as part of your risk management strategy can reduce the chances of accidental compromise and increase your operational resilience. 

The Asimily platform was purpose-built for connected device security. Now, with Asimily Configuration Control, organizations gain access to a “digital time machine” that ensures their connected device fleet continues operating in an approved, known good state. With Configuration Control, teams can quickly and easily compare any device to its known good state, highlighting any changes and effortlessly reducing the risk of configuration drift. As an added benefit, teams can set meaningful alerts for when changes do occur, reducing alert fatigue and enabling near real-time decision-making and response. 

Contact us today to learn more about Asimily Configuration Control. 
