While we may not want to read about new potential threats and vulnerabilities associated with IoT devices, we can’t ignore the fact that more are discovered on a regular basis. Recently, 33 flaws were identified in an open source internet protocol bundle. Dubbed Amnesia:33, the group of vulnerabilities is predicted to impact millions of devices from many vendors, and affected devices and equipment can span from the smart home to the enterprise.
The open source stacks impacted by these vulnerabilities have been around for quite some time, making it extremely difficult to determine the extent of the vulnerability and to properly oversee the patching process (which can be even more challenging). This is just another example of how IoT device security continues to remain an important issue that doesn’t get the attention it deserves during the design, development, or maintenance of IoT systems and applications.
When we build IoT systems, we use open source frameworks and code when appropriate. However, we always include those open source protocols in our IoT security testing to make sure we aren’t adding vulnerabilities unknowingly. We also keep a record of all open source frameworks and code used on a project, so when stories such as this emerge, we know if anything we have built needs to be updated. We recommend everyone take the same precautions, so you’re not exposing your business and data.