acm-header
Sign In

Communications of the ACM

ACM TechNews

Microsoft Finds Memory Allocation Holes in Range of IoT, Industrial Technology


View as: Print Mobile App Share:
Artist's impression of chips potentially affected by the poor memory allocation operations.

The security research group for Microsoft's Azure Defender for IoT found a batch of bad memory allocation operations in code used in Internet of Things and operational technologies that could lead to malicious code execution.

Credit: iStock

The security research unit for Microsoft's new Azure Defender for IoT product discovered a number of poor memory allocation operations in code used in Internet of Things (IoT) and operational technology (OT), like industrial control systems, that could fuel malicious code execution.

Dubbed BadAlloc, the exploits are associated with improperly validating input, which leads to heap overflows.

The team, called Section 52, said the use of these functions becomes problematic when passed external input that can trigger an integer overflow or wraparound as values to the functions.

Microsoft said it alerted the affected vendors (including Google Cloud, ARM, Amazon, Red Hat, Texas Instruments, and Samsung Tizen) and patched the vulnerabilities in cooperation with the U.S. Department of Homeland Security.

The team recommended the isolation of IoT devices and OT networks from corporate information technology networks using firewalls.

From ZDNet
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account