Sign In

Communications of the ACM

ACM TechNews

Decades-Old Code Putting Millions of Critical Devices at Risk


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Devices like these may become exploitable as a result of the newly found vulnerabilities.

Armis, the Department of Homeland Security, the Food and Drug Administration, and a broad swath of so-called real-time operating system and device companies have disclosed that a suite of network protocol bugs exist in far more platforms than originally believed.

Credit: Leon Werdinger/Alamy

U.S. federal agencies, the Armis enterprise security firm, and real-time operating system (RTO) and device companies warn of just-discovered vulnerabilities in a nearly 20-year-old industry standard network protocol from Interpeak that could potentially make millions of devices exploitable.

The Urgent/11 series of bugs may affect the security of patient monitors, insulin pumps, routers, security cameras, and other products across dozens of manufacturers, making them susceptible to service attacks or even hijacking.

Many RTOs employed in always-on devices incorporate the Interpeak code, including at least seven RTOs that operate in industrial Internet of Things devices.

The bugs' long persistence is rooted in the same deployment of network protocols comprising the device/network connection-enabling TCP/IP stack.

Armis is issuing an open source tool to detect potentially vulnerable devices on their network and determine possible defensive strategies.

From Wired
View Full Article

 

Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA


 

No entries found