Known Security Vulnerabilities Are a Hacker's Guide to an IoT Breach
The Internet of Things is a powerful trend, but its growth could be hindered by unpatched open-source vulnerabilities.
They Hide in the Code
Newer versions of open-source software (OSS) components are available that do not carry the security vulnerabilities. The challenge for OEMs and software-development teams is to accurately and effectively track all open-source software components in their internally developed and externally sourced code, a nearly impossible task.
Such difficulty is partly due to the software development and procurement model. It is also attributable to the fact that development teams often receive third-party software in binary format.
First Scan the Binary for Known Security Vulnerabilities, Then Look for Logic or Programming Errors
Nevertheless, scanning binary code for known security vulnerabilities has the greatest potential for reducing the vast majority of hacking incidents. For some time, development and quality-assurance teams have employed checksum and hash-based binary code scanners. While they have been reasonably effective, the tools have been constrained by limited databases of pre-compiled binaries of the most commonly used open-source components.
At present, development, security and software provisioning teams can leverage binary code scanners that use code fingerprinting. The tools extract "fingerprints" from a binary to be examined, and then compare them to the fingerprints collected from open-source components hosted in well-known, open-source repositories. Once a component and its version are identified through this fingerprint matching, development and security teams can easily find known security vulnerabilities associated with the component from vulnerability databases, such as NVD.
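The contrast between checksum matching and fingerprint matching can be shown in a few lines. This is an added example, not code from the article or from any vendor's scanner; it assumes fingerprints are simply printable strings embedded in a binary, and every component name, advisory ID and byte blob in it is constructed.

```python
import hashlib
import re

# Constructed reference data: (component, version) -> fingerprint strings.
FINGERPRINT_DB = {
    ("libexample", "1.0.1"): {b"libexample 1.0.1", b"ex_parse_header", b"ex_legacy_cipher_init"},
    ("libexample", "1.0.2"): {b"libexample 1.0.2", b"ex_parse_header", b"ex_cipher_init_v2"},
    ("tinyhttpd-demo", "2.3"): {b"tinyhttpd-demo/2.3", b"thd_accept_loop", b"thd_parse_request"},
}
# Constructed advisory feed standing in for a vulnerability database lookup.
ADVISORIES = {("libexample", "1.0.1"): ["EXAMPLE-ADVISORY-0001"]}

def build_blob(strings, padding):
    """Build a fake binary: header, non-printable padding, NUL-separated strings."""
    return b"\x7fELF\x02\x01" + padding + b"\x00".join(strings) + b"\x00"

# Reference build of libexample 1.0.1 that the checksum database knows about.
KNOWN_BUILD = build_blob(sorted(FINGERPRINT_DB[("libexample", "1.0.1")]), b"\x00" * 8)
HASH_DB = {hashlib.sha256(KNOWN_BUILD).hexdigest(): ("libexample", "1.0.1")}

# Vendor firmware that statically links two components with different padding.
FIRMWARE = build_blob(
    [b"vendor-fw build A"]
    + sorted(FINGERPRINT_DB[("libexample", "1.0.1")])
    + sorted(FINGERPRINT_DB[("tinyhttpd-demo", "2.3")]),
    b"\x90" * 32,
)

def match_by_hash(blob):
    """Checksum scanner: identifies a blob only if it is byte-identical to a known build."""
    return HASH_DB.get(hashlib.sha256(blob).hexdigest())

def extract_strings(blob, min_len=6):
    """Pull runs of printable ASCII out of the binary, like the `strings` utility."""
    return set(re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob))

def scan(blob, threshold=0.8):
    """Fingerprint scanner: report components whose fingerprints mostly appear."""
    found = extract_strings(blob)
    report = {}
    for key, prints in FINGERPRINT_DB.items():
        if len(prints & found) / len(prints) >= threshold:
            report[key] = ADVISORIES.get(key, [])
    return report

if __name__ == "__main__":
    print("hash match:", match_by_hash(FIRMWARE))
    print("fingerprint scan:", scan(FIRMWARE))
```

The hash lookup finds nothing for the firmware because its bytes differ from the reference build, while the fingerprint scan still identifies both embedded components and the advisory tied to one of them.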
The IoT is a powerful trend. Yet its growth could be hindered by unpatched open-source security vulnerabilities, which offer hackers opportunities to easily impair brands and generate potentially significant corporate losses. By leveraging binary code scanners, OEMs and MSPs, as well as IT, development and security teams, can implement the optimal means to find and shut down IoT device and network security vulnerabilities, reducing the possibility of hacker attacks.
Tae Jin (TJ) Kang is a technology industry executive and entrepreneur. He is the president and CEO of Insignary. In addition to founding a number of successful technology startups, TJ has held senior management positions with several global technology leaders, including Korea Telecom and Samsung Electronics, among others.