A vulnerability in Thales' Cinterion EHS8 M2M module, a Java-powered embedded 3G system used in millions of Internet-of-Things devices for connectivity, was revealed yesterday by IBM's X-Force Red.
The bug (CVE-2020-15858), disclosed to Thales and addressed in a patch made available to IoT vendors in February, makes it possible for an attacker to, for instance, extract the code and other resources from a vulnerable device. This information could be reverse-engineered to find vulnerabilities to exploit, and secret keys and passwords to extract, potentially leading to miscreants hijacking the hardware and/or gaining access to its network.
Big Blue's infosec team contended that compromising a vulnerable Cinterion module could allow scumbags to, say, overdose patients with forced insulin pumps or interfere with the electrical grid. The flaw ..
Support the originator by clicking the read the rest link below.
