Sign In

Communications of the ACM

ACM TechNews

Decades-Old Code Putting Millions of Critical Devices at Risk

View as: Print Mobile App Share:
Devices like these may become exploitable as a result of the newly found vulnerabilities.

Armis, the Department of Homeland Security, the Food and Drug Administration, and a broad swath of so-called real-time operating system and device companies have disclosed that a suite of network protocol bugs exist in far more platforms than originally b

Credit: Leon Werdinger/Alamy

U.S. federal agencies, the Armis enterprise security firm, and real-time operating system (RTO) and device companies warn of just-discovered vulnerabilities in a nearly 20-year-old industry standard network protocol from Interpeak that could potentially make millions of devices exploitable.

The Urgent/11 series of bugs may affect the security of patient monitors, insulin pumps, routers, security cameras, and other products across dozens of manufacturers, making them susceptible to service attacks or even hijacking.

Many RTOs employed in always-on devices incorporate the Interpeak code, including at least seven RTOs that operate in industrial Internet of Things devices.

The bugs' long persistence is rooted in the same deployment of network protocols comprising the device/network connection-enabling TCP/IP stack.

Armis is issuing an open source tool to detect potentially vulnerable devices on their network and determine possible defensive strategies.

From Wired
View Full Article


Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account