Sign In

Communications of the ACM

ACM TechNews

Critical Flaws in Millions of IoT Devices May Never Get Fixed


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
The flaws in the so-called TCP/IP stacks affect devices that offer no clear path to patching.

Forescout researchers found vulnerabilities in seven open source TCP/IP stacks.

Credit: Sam Whitney/Getty Images

Internet of Things (IoT) security firm Forescout uncovered 33 flaws, collectively labeled Amnesia:33, in seven open source TCP/IP stacks that potentially leave millions of IoT devices vulnerable.

Many of the bugs were basic programming errors, like missing input validation checks that keep a system from accepting problematic values or operations.

Patching these flaws is difficult if not impossible, as five stacks have been around for nearly two decades, while two have circulated since 2013; this means numerous versions and variants exist, with no central authority to issue fixes.

Moreover, manufacturers who have incorporated the code into their products would have to proactively adopt the correct patch for their version and deployment, then circulate it to users.

Said Forescout’s Elisa Costante, "What scares me the most is that it’s very difficult to understand how big the impact is and how many more vulnerable devices are out there."

From Wired
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found