Ihiji: 40% of Network Installations Have Open Ports Vulnerable to Hacks

Ihiji’s Invision Remote Systems Management product adds active security scanning, noting that 40% of integrators’ installations include at least one open port, making them vulnerable to hacking. Ihiji will also issue reports on vulnerabilities for certain manufacturer firmware.


Ihiji has added new security scanning and firmware management features to help integrators secure their network installations from hacks. These hacks targeted exposed devices (devices not protected by a firewall), devices with poor or leaked passwords, or known compromised firmware.

A recent audit conducted by Ihiji found that, of dealer-managed networks with active Ihiji Invision service, 40 percent of have at least one port open. These ports were often associated with unsecured communication protocols and many of them were commonly used for home automation systems or security camera systems. 

Other findings from Ihiji's audit showed that 22 percent of systems in the field had an insecure Port 80, and 15 percent of all Crestron systems had two wide open ports. 

“The numbers shocked me,” says Stuart Rench, CEO of Ihiji. “A lot of integrators may not even know that they left these ports open.”

Ihiji’s new security scanning service allows technology professionals to get insights into what vulnerabilities might exist on each of the client networks they manage. Scanning each network for open ports or known exploits on a regular basis will ensure the networks are as secure as possible.

Rench adds, “Ports are opened and left opened for a variety of reasons, some of them may be legitimate, some of them may be historical artifacts, and others may be due to human error or oversight. The new Ihiji security scanning service allows network administrators to stay on top of these potential security threats.”

Rench tells CE Pro that in many cases integrators have been told to leave open ports so they will have the ability to remotely access the system and to never upgrade the firmware.

“Unfortunately, many integrators have been coached with these bad practices,” he says. 

Ihiji will also be providing customer-facing reports that the dealer can then send to their clients on a periodic basis to give them peace of mind and show their value. Many technology professionals are considering adding these security scans and reports as part of their standard managed service plans.

“Technology professionals in the smart home space often work with high profile clients, integrating whole home control, entertainment systems, access control and security cameras into the system. It is critical that these systems be as secure as possible to protect the client’s privacy and security,” adds Rench. 

Ihiji's Notification Service

To help home electronics manufacturers overcome the challenge of firmware management and patching, the company is also launching a manufacturer database and notification service as part of the new Ihiji Vendor Insights Program (VIP). The VIP allows manufacturers to easily communicate current device firmware to both the Ihiji Invision platform and also as part of the new Ihiji Device Visibility Protocol (DVP).

As part of VIP, Ihiji has released the first remote monitoring and management standard for the industry to help manufacturers increase visibility into their devices. The firmware database allows device manufacturers to post updates to the database when new software updates are released for their products.

Combining the manufacturer database and device insights, Ihiji can work with manufacturers to communicate the availability of new and critical firmware updates. 

The new security features will be part of Ihiji's regular product updates and will not require manual work by the dealer and no additional fees. The new security features will be included for dealers for as part of Ihiji’s Invision Standard subscription.

The company has recently announced a change to its pricing model that provides a free Lite subscription allowing for Internet uptime and performance monitoring as well as unlimited remote reboots.  

About the Author

Jason Knott
Jason Knott:

Jason Knott is Chief Content Officer for Emerald's Connected Brands. Jason has covered low-voltage electronics as an editor since 1990, serving as editor and publisher of Security Sales & Integration. He joined CE Pro in 2000 and serves as Editor-in-Chief of that brand. He served as chairman of the Security Industry Association’s Education Committee from 2000-2004 and sat on the board of that association from 1998-2002. He is also a former board member of the Alarm Industry Research and Educational Foundation. He has been a member of the CEDIA Business Working Group since 2010. Jason graduated from the University of Southern California.




CybersecuritySnap One