Microsoft uncovers flaws in systems used by IoT and OT devices

May 13, 2021

Researchers at Microsoft have discovered vulnerabilities in operating systems used by IoT and OT devices in commercial, medical, and industrial environments. The Azure Defender for IoT group at the Microsoft Security Response Center has revealed that such critical memory allocation flaws, dubbed BadAllocallow security controls to be bypassed in order to execute malicious code or cause systems to crash.

The vulnerabilities are present in memory allocation functions ranging from Real-Time Operating Systems (RTOS) Software Development Kits (SDKs) and C language libraries (libc).

Microsoft itself acknowledges that installing patches on IoT/OT devices can be complex, so it recommends trying to reduce the attack surface by minimizing the exposure of vulnerable devices on the Internet, monitoring networks for indicators of strange behavior, and strengthening the network segmentation process to protect critical assets.

As far as is known, the vulnerabilities have not been detected in the wild, but offer potential attackers a wide surface area to cause damage. The full list of affected products is available on the US Department of Homeland Security’s website.

Some experts point out that the rampant adoption rate of IoT devices is not necessarily good news, as security may have been left on the sidelines, opening up loopholes for attacks on devices and entire networks. A recent survey by Tripwire, which specializes in IT security and compliance automation, revealed that 99% of respondents said they have considerable difficulty when trying to secure IoT and IIoT (Industrial Internet of Things) devices. Two-thirds also said they face problems identifying and fixing

With the thought of helping developers, manufacturers, businesses, and consumers promote the security of IoT systems, OWASP (Open Web Application Security Project), a non-profit foundation working towards software security, maintains a list of the top 10 behaviors to avoid when it comes to the Internet of Things.

The truth is that there is a big disparity between how often the firmware of IoT devices is updated and how quickly vulnerabilities in their critical components are emerging. Who will lead this race in the coming years?

Related Article

Hart monitoring AI-powered sensor performs heart tests on the go
Sheila Zabeu -

February 09, 2023

Healthcare technology concept. 5G IoT: Healthcare and smart cities lead 5G adoption
Sheila Zabeu -

February 02, 2023

Industry,5.0,Robot Industry 5.0, the new paradigm
Cristina De Luca -

January 30, 2023

Choose an electric vehicle with Metaverse technology. Ready for the Machine Economy era?
Cristina De Luca -

January 30, 2023

electric power plug European standard without cable Standard could help eliminate batteries in IoT applications

Nikola Tesla’s dream for more than a century, wireless power transmission is becoming a reality day by day.

Sheila Zabeu -

January 24, 2023

Futuristic concept The future of infrastructure is both, sustainable and digital
Cristina De Luca -

January 20, 2023

smart building device Smart building solutions to move US$ 328.6 bn. by 2029

In 2023 and the coming years, new applications of technologies to make buildings smarter should emerge.

Sheila Zabeu -

January 18, 2023

Smart agriculture, farm , sensor technology concept Five trends in sensor technologies for IoT
Cristina De Luca -

January 05, 2023

You need to subscribe, before you can post a message

Subscribe

Stay ahead of news in the monitoring industry by subscribing to our weekly newsletter

Sign up for our weekly newsletter and don't miss any important news

This site is registered on wpml.org as a development site.