Millions of IoT Devices Exposed to Hacking Due to Amnesia:33 Vulnerability, Research Shows

Must read

How to disable and delete Samsung Pay from your Galaxy phone

When it comes to paying conveniently, Samsung Pay makes using your phone as a bank card an easy process; however, there may come...

Sony Xperia Compact to make a 2021 revival

Small phones are likely making a comeback thanks to Apple’s iPhone 12 Mini, and as it turns out one of the most popular...

How to Link Disney+ to Google Assistant

Chromecast, Android TV, and Smart Displays work great with Google Assistant. You can easily use your voice to start playing movies and TV...

How to sideload any application on Hisense smart TVs

Televisions, streaming sticks, and set-top boxes with Android TV have access to millions of applications through the Google Play Store. However, there are...
Bhawani Singhhttps://techmepro.com
I am a blogger who believes in delivering latest tech news from around the world to my viewers.

Researchers at a cybersecurity firm say they have identified vulnerabilities in software widely used by millions of connected devices — flaws that could be exploited by hackers to penetrate business and home computer networks and disrupt them.

There is no evidence of any intrusions that made use of these vulnerabilities. But their existence in data-communications software central to Internet-connected devices prompted the US Cybersecurity and Infrastructure Security Agency to flag the issue in an advisory.


Potentially affected devices from an estimated 150 manufacturers range from networked thermometers to “smart” plugs and printers to office routers and healthcare appliances to components of industrial control systems, the cybersecurity firm Forescout Technologies said in a report released Tuesday. Most affected are consumer devices including remote-controlled temperature sensors and cameras, it said.

In the worst case, control systems that drive “critical services to society” such as water, power and automated building management could be crippled, said Awais Rashid, a computer scientist at Bristol University in Britain who reviewed the Forescout findings.

In its advisory, CISA recommended defensive measures to minimise the risk of hacking. In particular, it said industrial control systems should not be accessible from the internet and should be isolated from corporate networks.


The discovery highlights the dangers that cybersecurity experts often find in Internet-linked appliances designed without much attention to security. Sloppy programming by developers is the main issue in this case, Rashid said.

Addressing the problems, estimated to afflict millions of devices, is particularly complicated because they reside in so-called open-source software, code freely distributed for use and further modification. In this case, the issue involves fundamental internet software that manages communications via a technology called TCP/IP.

Fixing the vulnerabilities in impacted devices is particularly complicated because open-source software isn’t owned by anyone, said Elisa Costante, Forescout’s vice president of research. Such code is often maintained by volunteers. Some of the vulnerable TCP/IP code is two decades old; some of it is no longer supported, Costante added.

It is up to the device manufacturers themselves to patch the flaws and some may not bother given the time and expense required, she said. Some of the compromised code is embedded in a component from a supplier — and if no one documented that, no one may even know it’s there.

“The biggest challenge comes in finding out what you’ve got,” Rashid said.

If unfixed, the vulnerabilities could leave corporate networks open to crippling denial-of-service attacks, ransomware delivery or malware that hijacks devices and enlists them in zombie botnets, the researchers said. With so many people working from home during the pandemic, home networks could be compromised and used as channels into corporate networks through remote-access connections.

Forescout notified as many vendors as it could about the vulnerabilities, which it dubbed AMNESIA:33. But it was impossible to identify all affected devices, Costante said. The company also alerted U.S., German and Japanese computer security authorities, she said.

The company discovered the vulnerabilities in what it called the largest study ever on the security of TCP/IP software, a year-long effort it called Project Memoria.


Are Micromax In 1b, In Note 1 good enough to take the brand to the top in India?? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Source link

More articles

Leave a Reply

Subscribe to our newsletter

To be updated with all the latest news, offers and special announcements.

- Advertisement -

Latest article

Immune system of recovered Covid-19 patients may evolve to fight coronavirus variants: Study

NEW YORK: People who recover from Covid-19 are protected against the novel coronavirus for at least six months, and likely much longer, according...

Apple warns MagSafe users with medical implants to keep a safe distance

Earlier in January, a medical study done by the Heart Rhythm Society (first spotted by MacMagazine) suggested the iPhone 12 and MagSafe accessories...

Holy Crap! Homestar Runner Lives On Thanks to Ruffle Project! – Review Geek

If you’re an adult of a certain age, you might remember Homestar Runner. Or more likely, Strong Bad’s emails. Homestar Runner was one...

Welcome to TechRadar’s LGBTQ+ Gaming Week 2021

Welcome to TechRadar’s LGBTQ+ Gaming Week 2021, a week-long celebration during which we're inviting LGBTQ+ gamers to tell their stories, and explore topics...

Samsung Galaxy Tab S7 Lite Could Be in Development, Galaxy Tab A 10.1 (2021) Leaked in Alleged CAD Renders

Samsung Galaxy Tab S7 Lite could be in the works and come in Wi-Fi, LTE, and 5G variants, a new report suggests. The...
- Advertisement -