12 wide-impact firmware vulnerabilities and threats
- by nlqip
Project Memoria and flaws in embedded TCP/IP stacks
Many consumer IoT devices nowadays, such as routers, modems, network-attached storage (NAS) boxes, and network video recorders (NVRs), use firmware based on the Linux kernel. But industrial and medical embedded devices still rely on proprietary real-time operating systems (RTOSes) such as VxWorks for their firmware.
Even though this means there is more firmware diversity in the industrial IoT world, there are still some components that can be shared by different RTOSes, including TCP/IP stacks. These complex codebases implement some of the Internet’s core protocols — DNS, HTTP, FTP, ARP, ICMP, etc. — and were written decades ago as proprietary libraries that were then sold to embedded operating system vendors.
In 2020, researchers from security firm Forescout, in collaboration with universities and other companies, launched a project to analyze proprietary TCP/IP stacks used in industrial devices. Known as Project Memoria, the research lasted 18 months and led to the discovery of 104 vulnerabilities, many critical, in multiple TCP/IP stacks and libraries used in over 250,000 embedded device models from more than 500 vendors.