Internet of Things (IoT) security firm Forescout uncovered 33 flaws, collectively labeled Amnesia:33, in seven open source TCP/IP stacks that potentially leave millions of IoT devices vulnerable.
Many of the bugs were basic programming errors, like missing input validation checks that keep a system from accepting problematic values or operations.
Patching these flaws is difficult if not impossible, as five stacks have been around for nearly two decades, while two have circulated since 2013; this means numerous versions and variants exist, with no central authority to issue fixes.
Moreover, manufacturers who have incorporated the code into their products would have to proactively adopt the correct patch for their version and deployment, then circulate it to users.
Said Forescout’s Elisa Costante, "What scares me the most is that it’s very difficult to understand how big the impact is and how many more vulnerable devices are out there."
View Full Article
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA
No entries found