Vulnerabilities in the iBoot Power Distribution Unit Let Hackers Remotely Shut Down Devices


Researchers found serious flaws in Dataprobe’s iBoot power distribution unit (PDU), which may be used by hostile parties to remotely hijack the device and shut down all connected devices, possibly disrupting the targeted business.

Industrial cybersecurity company Claroty researchers discovered a total of seven flaws with the iBoot-PDU device, including one that might have allowed a remote, unauthenticated attacker to execute arbitrary code. For remote power management, the affected PDU offers a web interface and a cloud platform for setting up the device and managing each individual outlet. More than 2,000 PDUs were directly exposed to the internet in 2021, and roughly a third of those were iBoot PDUs, according to a Censys research.

Read More: iBoot Power Distribution Unit Flaws Allow Hackers to Remotely Shut Down Devices