Millions of Windows and Linus Systems are Vulnerable to this ‘Hidden’ Cyber Attack
Updated: Apr 24, 2020
Hardware-level vulnerabilities or intentionally included back doors have been a problem for at least 20 years. The recently published Forbes article “Millions Of Windows And Linus Systems Are Vulnerable To This ‘Hidden’ Cyber Attack” cites only 5 years but, I can tell you first-hand that embedded hacking has existed and been published by 31,337 hacking groups for as long as I have been in InfoSec.
The major issue with firmware is that it can affect any device. It does not matter what Operating System is being used, so long as the hardware can be invoked in some way. While computers and smartphones are problematic, this problem highlights the “wild west” problem we have with the Internet of Things (IoT). The average person does not consider the range of attack surfaces this encompasses.
Examples of the Internet of Things in our everyday lives includes:
Smart home devices
Senior care devices
Medical and healthcare technology
Vehicle-to-Everything (V2X) communication
Building and home automation
Metropolitan scale deployments
Internet of Battlefield Things (IoBT)
Ocean of Things (OoT)
To counter IOT threats, some recommended approaches include:
Patch management that incorporates firmware updates
Vendor risk management programs that include procurement from trusted sources
Endpoint protection that includes Endpoint Detection and Response (EDR)
Security Information and Event Management (SIEM)
Network Behavior Anomaly Detection (NBAD) (sometimes called NAD)
The US Government has long been concerned about chip-level root kits. This topic is something l organizations should pay close attention to. Beyond the normal occurrence of programming errors, there are a lot of ways to break into your professional and personal IOT environment. Don’t make it easy for the bad guys!
Want to learn more? Contact Nth Generation to find out how we can help you secure your data on IoT devices. Call (800) 548-1883 or email firstname.lastname@example.org.