Sign In

Communications of the ACM

ACM TechNews

Microsoft Finds Memory Allocation Holes in Range of IoT, Industrial Technology

View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Artist's impression of chips potentially affected by the poor memory allocation operations.

The security research group for Microsoft's Azure Defender for IoT found a batch of bad memory allocation operations in code used in Internet of Things and operational technologies that could lead to malicious code execution.

Credit: iStock

The security research unit for Microsoft's new Azure Defender for IoT product discovered a number of poor memory allocation operations in code used in Internet of Things (IoT) and operational technology (OT), like industrial control systems, that could fuel malicious code execution.

Dubbed BadAlloc, the exploits are associated with improperly validating input, which leads to heap overflows.

The team, called Section 52, said the use of these functions becomes problematic when passed external input that can trigger an integer overflow or wraparound as values to the functions.

Microsoft said it alerted the affected vendors (including Google Cloud, ARM, Amazon, Red Hat, Texas Instruments, and Samsung Tizen) and patched the vulnerabilities in cooperation with the U.S. Department of Homeland Security.

The team recommended the isolation of IoT devices and OT networks from corporate information technology networks using firewalls.

From ZDNet
View Full Article


Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account