Millions of smart devices vulnerable to hacking

BOSTON (AP) — Researchers at a cybersecurity firm say they have identified vulnerabilities in software widely used by millions of connected devices — flaws that could be exploited by hackers to penetrate business and home computer networks and disrupt them.

There is no evidence of any intrusions that made use of these vulnerabilities. But their existence in data-communications software central to internet-connected devices prompted the U.S. Cybersecurity and Infrastructure Security Agency to flag the issue in a bulletin.

Potentially affected devices from an estimated 150 manufacturers range from networked thermometers to “smart” plugs and printers to office routers and healthcare appliances to components of industrial control systems, the cybersecurity firm Forescout Technologies said in a report released Tuesday. Most affected are consumer devices including remote-controlled temperature sensors and cameras, it said.

In the worst case, control systems that drive “critical services to society” such as water, power and automated building management could be crippled, said Awais Rashid, a computer scientist at Bristol University in Britain who reviewed the Forescout findings.

In its advisory, CISA recommended that users take defensive measures to minimize the risk of hacking. In particular, it suggested cutting off industrial control systems from the internet and isolated from corporate networks.

The discovery highlights the dangers that cybersecurity experts often find in internet-linked appliances designed without much attention to security. Sloppy programming by developers is the main issue in this case, Rashid said.

Fixing the problems, which could afflict millions of impacted devices, is particularly complicated because they reside in so-called open-source software, code freely distributed for use and further modification. In this case, the issue involves fundamental internet software that manages communication between internet devices via a technology called TCP/IP.

Fixing the vulnerabilities in impacted devices is particularly complicated because open-source software isn’t owned by anyone, said Elisa Costante, Forescout’s vice president of research. Such code is often maintained by volunteers. Some of the vulnerable TCP/IP code is two decades old; some of it is no longer supported, Costante added.

It is up to the device manufacturers themselves to patch the flaws and some may not bother given the time and expense required, she said. Some of the compromised code is embedded in a component from a supplier — and if no one documented that, no one may even know it’s there.

“The biggest challenge comes in finding out what you’ve got,” Rashid said.

If unfixed, the vulnerabilities could leave corporate networks open to crippling denial-of-service attacks, ransomware delivery or malware that hijacks devices and enlists them in zombie botnets, the researchers said. With so many people working from home during the pandemic, home networks could be compromised and used as channels into corporate networks through remote-access connections.

Forescout notified as many vendors as it could about the vulnerabilities, which it dubbed AMNESIA:33. But it was impossible to identify all affected devices, Costante said. The company also alerted U.S., German and Japanese computer security authorities, she said.

The company discovered the vulnerabilities in what it called the largest study ever on the security of TCP/IP software, a year-long effort it called Project Memoria.

Panorama Hispano is the regional news and information newspaper for Hispanic and other diverse communities.

US Hispanics are now the largest ethnic minority in the United States numbering 54.2 million as of July 2014. Serving: Buffalo, Rochester, Fredonia, Niagara Falls, NY and Erie, PA. Outside our Market area: Visit our affiliate at: http://www.impremedia.com/

Contact us: Contact@PanoramaHispanoNews.com

Featured News

Apr 9, 2021
Muere el príncipe Felipe, esposo de la reina Isabel II - Prince Philip, husband of Queen Elizabeth II, dies at 99

LONDON (AP) El duque de Edimburgo, el príncipe Felipe, marido de la reina Isabel II, ha muerto a los 99 años, según anunció la Casa Real británica en un comunicado. “Es con gran pesar que Su Majestad la Reina anuncia la muerte de su amado marido, Su Alteza Real el príncipe Felipe, duque de Edimburgo”, […]

Read More
Apr 9, 2021
Expert: Lack of oxygen killed George Floyd, not drugs

MINNEAPOLIS (AP) — George Floyd died of a lack of oxygen from being pinned to the pavement with a knee on his neck, medical experts testified at former Officer Derek Chauvin’s murder trial, emphatically rejecting the defense theory that Floyd’s drug use and underlying health problems killed him. “A healthy person subjected to what Mr. […]

Read More
Apr 8, 2021
Buffalo Employment and Training Center - Hiring during COVID 19 - Job postings

Buffalo Employment and Training Center 77 Goodell St., Buffalo, NY 14203 716-856-5627 / 716-856-5670 Fax www.workforcebuffalo.org Orientation Times: Monday-Thursday, 10 am or 2 pm. Mayor: Byron W. Brown * County Executive: Mark C. Poloncarz  Exec. Director, BETC Demone Smith BETC HOURS MONDAY THROUGH FRIDAY: 9:00 AM to 5:00 BETC: MEET THE EMPLOYERS: APRIL 2021 Attached is […]

Read More

popular categories

Copyright © 2021 Panorama Hispano News. All Rights Reserved.
crossmenuchevron-downmenu-circlecross-circle
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram