Millions of smart devices have been targeted by malware, says a report from Forescout. This enterprise security company found a total of 33 new zero-day vulnerabilities present in millions of smart devices manufactured by over 150 manufacturers.
The research has called the new development ‘AMNESIA:33.” These have been found in widely used open-source TCP/IP stacks of connectivity components of millions of IoT devices. The research presenters said that it is hard to really assess the full impact of the threat but they are sure that millions of devices worldwide are affected.
In a statement, the organization mentions open source stack is known to be widely used in embedded components, which are present in most modern enterprises. The smart devices affected range from network switches to smart printers, environmental sensors, security cameras, self-checkout kiosks, badge/fob readers, uninterrupted power supplies, RFID asset trackers, and more.
The vulnerabilities include four critical areas that allow for remote code execution attacks. Other less critical bugs may cause memory corruption and be used for denial of service, information leaks, or DNS poisoning.
Today’s business models allow for the use of more IoT or smart devices. Technology is being put forward as the means through which many corporate bodies are able to serve clients and customers better. With the importance of security standards of TCP/IP stack, these security issues become really vital for experts to look at. Some of the industries that are more vulnerable to these attacks are those in the healthcare, retailing, utility supply, and manufacturing sectors.
This study aims to continue to inform its global audience on the state of security issues, while also identifying common vulnerabilities, and exploring ways in which they can be mitigated. It encourages firms to conduct risk assessments, using internal DNS servers, and they should be ready to install security patches as soon as they become available.
