Routers Now Lead IoT Risk Rankings as Vo1d Botnet Hits 1.6M Android TV Devices
Forescout data shows routers are now the riskiest device type in enterprise networks, while the Vo1d botnet adds 300,000 compromised Android TV devices in six months.
Routers Displace Traditional IoT Endpoints as Top Enterprise Risk
Routers now represent the highest-risk device category in enterprise networks, according to new telemetry from Forescout's device-risk platform. The finding upends conventional IoT security priorities that typically focus on cameras, printers, and building automation systems. Forescout's analysis of monitored environments places routers above all other device types for critical vulnerabilities and exploit potential, driven by outdated firmware and remotely accessible management interfaces.
The shift matters because routers function as both targets and pivot points. A compromised branch router or industrial gateway provides attackers with network-level access that bypasses endpoint controls entirely. For security teams, this means treating routers as Tier-1 critical assets on par with domain controllers, not as infrastructure assumed to be hardened by default.
Enterprises should add three requirements to router procurement specifications: demonstrated secure update mechanisms with signed firmware, integration with device-risk platforms like Forescout or Armis for continuous posture monitoring, and published software bills of materials with vulnerability disclosure commitments. Budget previously allocated to generic IoT monitoring should shift toward router refresh projects — especially where legacy consumer-grade devices persist in factories or remote sites — and network segmentation centered on isolating routers and gateways.
Vo1d Botnet Adds 300,000 Devices in Six Months
The Vo1d botnet now controls 1.6 million Android TV devices, up from 1.3 million approximately six months ago. The 23% growth in half a year positions Vo1d as one of the largest DDoS-capable IoT botnets currently observed, and demonstrates that consumer-grade smart devices remain trivially easy to compromise at scale.
The mechanism is straightforward: Android TV devices ship with known vulnerabilities, users never apply firmware updates, and attackers scan for exposed management ports. Once compromised, devices join a botnet controlled via command-and-control infrastructure that can launch distributed denial-of-service attacks or serve as proxies for other malicious traffic.
For enterprises, the risk is indirect but material. Corporate guest networks, conference room displays, and signage systems frequently include Android TV hardware. A compromised device on a flat network can serve as an initial access point or a persistent backdoor. Security teams should segment all display and entertainment devices onto isolated VLANs with no route to corporate resources, and add Android TV and similar consumer platforms to device-risk inventories with automated firmware version checks.
The growth rate also signals that botnet operators face minimal friction in scaling attacks. The gap between disclosure of a vulnerability and mass exploitation continues to narrow, making automated patch management for IoT devices a mandatory control rather than a best practice.
Exein Raises €70M to Embed Security Directly in Device Firmware
Italian IoT security vendor Exein closed a €70 million (approximately $81 million) Series C round led by Balderton Capital. Exein provides embedded runtime security that OEMs integrate at build time, monitoring for anomalies and preventing exploitation directly within firmware on constrained devices like microcontrollers and embedded Linux systems.
The model targets environments where traditional endpoint agents are impractical due to CPU, memory, or real-time operating system constraints. Instead of bolting security on after deployment, Exein's framework becomes part of the device image itself, creating a security boundary that travels with the hardware through its lifecycle.
The funding reduces vendor viability risk and positions Exein as a credible long-term partner for OEM secure-by-design programs. Enterprises should expect more aggressive licensing deals between Exein and MCU or system-on-chip vendors, which will influence which device platforms appear in RFPs. For example, preferring hardware lines with Exein pre-integrated becomes a way to shift security left into the supply chain rather than attempting to secure devices post-deployment.
Enterprises that build or customize devices should add embedded runtime security to hardware program budgets as a standard line item, similar to code-signing and SBOM tooling. For security teams, this reinforces a supply-chain-centric IoT risk strategy: spending more with fewer, better-secured OEMs rather than trying to compensate with network monitoring and micro-segmentation after the fact.
What to Watch
Router risk will drive budget toward network infrastructure refresh and zero-trust segmentation projects in 2025. Security teams should audit branch and industrial router inventories now, identify devices running end-of-life firmware, and build replacement roadmaps before the next budget cycle.
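An added example (not from the article or from Forescout) of the automated check recommended above for display devices and routers: it audits a device inventory for firmware below a minimum version, end-of-life dates that have passed, and Android TV devices sitting outside the isolated display subnet. The inventory rows, column names, version floors and subnet are constructed assumptions, and subnet membership only stands in for VLAN placement; routing and ACLs still need separate verification.

```python
import csv
import io
import ipaddress
from datetime import date

# Constructed sample inventory; names, addresses and versions are illustrative only.
INVENTORY_CSV = """\
name,category,ip,firmware,eol_date
branch-rtr-01,router,10.20.0.1,15.2.4,2023-06-30
plant-gw-02,router,10.30.0.1,17.9.1,2029-01-31
lobby-signage,android_tv,10.10.5.44,9.0.2,
confroom-tv-3,android_tv,172.16.50.12,12.1.0,
guest-tv-7,android_tv,172.16.50.13,9.0.10,
"""

# Assumed policy: minimum firmware per category, isolated subnet for display devices.
MIN_FIRMWARE = {"router": "16.0.0", "android_tv": "11.0.0"}
ISOLATED_NETS = {"android_tv": [ipaddress.ip_network("172.16.50.0/24")]}


def version_key(version):
    """Compare dotted versions numerically so that 9.0.10 sorts above 9.0.2."""
    return tuple(int(part) for part in version.split("."))


def audit(csv_text, today):
    """Return [(device name, [issue, ...])] for every device that violates policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        category, issues = row["category"], []
        floor = MIN_FIRMWARE.get(category)
        if floor and version_key(row["firmware"]) < version_key(floor):
            issues.append("firmware-below-minimum")
        # An empty eol_date means the vendor has published none.
        if row["eol_date"] and date.fromisoformat(row["eol_date"]) < today:
            issues.append("end-of-life")
        nets = ISOLATED_NETS.get(category)
        if nets and not any(ipaddress.ip_address(row["ip"]) in n for n in nets):
            issues.append("outside-isolated-vlan")
        if issues:
            findings.append((row["name"], issues))
    return findings


if __name__ == "__main__":
    for name, issues in audit(INVENTORY_CSV, date(2025, 1, 15)):
        print(f"{name}: {', '.join(issues)}")
```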
Botnet growth rates indicate that mass exploitation timelines are compressing. Enterprises relying on manual patching or vendor-managed firmware updates for IoT devices will fall further behind. Automated device discovery and patch orchestration tools are no longer optional for organizations with more than 1,000 connected devices.
Embedded security will move from niche to standard in device procurement within 24 months. Add questions about runtime security frameworks and secure boot mechanisms to vendor questionnaires now, before OEMs treat them as differentiators rather than baseline requirements.
