In-brief: Researchers Chris Valasek and Charlie Miller are demonstrating wireless attacks on connected vehicles that can alter critical functions like braking and acceleration. (Added comments from Chris Valasek July 21, 2015 12:15 ET)
Search Results for "firmware"
Security Firms See Dollars In Taming IoT Insecurity
In-brief: Security firms Trustwave and IOActive both announced services promising to help aspiring IoT product firms secure their products, more evidence that the Internet of Things is producing secondary markets.
Whitehouse Taps Google Advanced Projects Lead for Software Safety Lab
In-brief: The Obama Whitehouse has tapped famed hacker Peiter Zatko (aka “Mudge”) to head up a new project aimed at developing an “underwriters’ lab” for cyber security.
IEEE Proposes Standards For Safe, Connected Health Products
In-brief: a new publication by IEEE lays out a “building code” for medical device makers to help address security and privacy issues in products.
NetUSB, IoT and Supply Chain Risk
If you want an object lesson in the dangers that await us on the Internet of Things, check out SEC Consult’s write up on NetUSB, a widely used technology developed by an obscure Taiwanese company that just happens to contain a nasty, remotely exploitable vulnerability. According to this alert, published on Tuesday, NetUSB “suffers from a remotely exploitable kernel stack buffer overflow” that could be used to run malicious code on affected devices. Even worse: the NetUSB component is ubiquitous – found in a long list of devices, from low-end wireless access points and broadband routers for small office and home office deployments to what SEC Consult called “high end devices…released very recently.” Networking devices from 26 vendors, including TP-Link, NetGear and others were found to use the NetUSB technology in their products. The vulnerability discovered by SEC Consult is straight-forward enough. According to their advisory, the NetUSB code does an inadequate […]
