Wednesday, May 22, 2013

Suppliers of embedded systems pose a threat to cyber security

Moore said that the big problems also exist in the supply chain embedded systems.

Speaking at a conference AusCERT 2013, HD Moore, developer of Metasploit, accused of negligence of suppliers of embedded systems. According to him, they pose a threat to cyber security of computer networks.

HD Moore said that while system administrators do their job adequately to protect the system, they can not cope with the threats that pose the modems, routers, telephones, etc., because the manufacturers of embedded systems, "in general, do not care about cyber security. "

At the conference, Moore presented the results of a large-scale scanning of address space IPv4, TCP, and given the UDP-based services, which allowed him to discover a large number of vulnerabilities.

The developer said he was outraged by the fact the producers of unprotected embedded systems provide to their users, and even in the presence of known vulnerabilities refuse to correct them.

Sets network protocol UPnP, which are popular are also very vulnerable, and 63% of the devices that work with UPnP, open access, which also puts them at risk.

Moore said that there are big problems in the supply chain of embedded systems: they send one supplier, the module is configured by another company, the integration into the finished version of the system conducted by a third, and marked - the fourth. In this case, none of the companies is not going to protect their end users.

"It is not going to happen really bad security incident did not remedied" - summed up Moore.

No comments:

Post a Comment