Communications of the ACM

Home/News/Critical Flaws in Millions of IoT Devices May Never.../Full Text

ACM TechNews

Critical Flaws in Millions of IoT Devices May Never Get Fixed

By Wired
December 9, 2020
Comments

View as: Print Mobile App Share:

The flaws in the so-called TCP/IP stacks affect devices that offer no clear path to patching. — Forescout researchers found vulnerabilities in seven open source TCP/IP stacks.

Credit: Sam Whitney/Getty Images

Internet of Things (IoT) security firm Forescout uncovered 33 flaws, collectively labeled Amnesia:33, in seven open source TCP/IP stacks that potentially leave millions of IoT devices vulnerable.

Many of the bugs were basic programming errors, like missing input validation checks that keep a system from accepting problematic values or operations.

Patching these flaws is difficult if not impossible, as five stacks have been around for nearly two decades, while two have circulated since 2013; this means numerous versions and variants exist, with no central authority to issue fixes.

Moreover, manufacturers who have incorporated the code into their products would have to proactively adopt the correct patch for their version and deployment, then circulate it to users.

Said Forescout’s Elisa Costante, "What scares me the most is that it’s very difficult to understand how big the impact is and how many more vulnerable devices are out there."

From Wired
View Full Article

No entries found

Critical Flaws in Millions of IoT Devices May Never Get Fixed

Humanoid Robot Acts Out Prompts Like It's Playing Charades

Gaining Benefit from Artificial Intelligence and Data Science: A Three-Part Framework

The Role of Autonomous Machine Computing in Shaping the Autonomy Economy