A cybersecurity team of researchers has unearthed vulnerabilities included in foundational, open source software used in “millions” of smart home and the Internet of Things (IoT) devices.
Agency Forescout Research Labs announced on its Website that ‘AMNESIA:33’ was a set of 33 vulnerabilities that impacted four open-source TCP/IP stacks (uIP, FNET, picoTCP and Nut/Net), which collectively served as the foundational components of millions of connected devices worldwide. These vulnerabilities primarily caused memory corruption, allowing attackers to compromise devices, execute malicious code, perform denial-of-service attacks and steal sensitive information.
Most of the affected devices are consumer-facing products like remote temperature sensors and cameras. However, they can range from simple smart plugs and office routers, to industrial control system components and healthcare appliances.
Video and Image credit: Forescout