U.S. federal agencies, the Armis enterprise security firm, and real-time operating system (RTO) and device companies warn of just-discovered vulnerabilities in a nearly 20-year-old industry standard network protocol from Interpeak that could potentially make millions of devices exploitable.
The Urgent/11 series of bugs may affect the security of patient monitors, insulin pumps, routers, security cameras, and other products across dozens of manufacturers, making them susceptible to service attacks or even hijacking.
Many RTOs employed in always-on devices incorporate the Interpeak code, including at least seven RTOs that operate in industrial Internet of Things devices.
The bugs' long persistence is rooted in the same deployment of network protocols comprising the device/network connection-enabling TCP/IP stack.
Armis is issuing an open source tool to detect potentially vulnerable devices on their network and determine possible defensive strategies.
View Full Article
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA
No entries found