Embedded devices, especially those designed for industrial automation that have long shelf lives, are known to use a mixture of in-house and third-party code that was created at a time when software vulnerabilities were not as well understood as today. Critical flaws found in proprietary components that hardware vendors have widely used for years have far-reaching implications. Patching is not always an option.
[ Learn what you need to know about defending critical infrastructure . | Get the latest from CSO by signing up for our newsletters. ]This is highlighted by the findings over the past year of researchers from Forescout Research Labs and JFrog Security Research, who have investigated the TCP/IP stacks used in a variety of IoT and other embedded systems. This has resulted in major flaws being identified that impact millions of devices in reports such as Ripple20, NAME:WRECK, NUMBER:JACK or AMNESIA:33.
To read this article in full, please click here
Support the originator by clicking the read the rest link below.
