Skip to main content

Helping researchers with IoT firmware vulnerability discovery

posted onNovember 19, 2018
by l33tdawg
Help Net Security
Credit: Help Net Security

John Toterhi, a security researcher with IoT security company Finite State, believes that many of the security problems plaguing IoT devices are solvable problems through transparency.

“Manufacturers who make their firmware public and follow GPL practices are doing themselves a huge favor: by making firmware public, manufacturers are enabling a world-wide network of the best security talent to find bugs, disclose them responsibly, and improve security for their customers. Without this transparency they exclude so many responsible researchers and enable threat actors who easily obtain their firmware through chip extraction, man-in-the-middling updates, and stealing firmware from update servers,” he told Help Net Security.

Toterhi and his colleagues have analyzed over 200,000 firmware images from 76 unique manufacturers across many different products: SOHO routers, cameras, televisions, enterprise network appliances, cell phones, medical devices, printers, home/building automation controllers, and more. Luckily, they had the company’s analytics system at their disposal to tackle such a mammoth task.

Source

Tags

HITB hitb2018dxb Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th