Microsoft uncovers flaws in systems used by IoT and OT devices

May 13, 2021

Researchers at Microsoft have discovered vulnerabilities in operating systems used by IoT and OT devices in commercial, medical, and industrial environments. The Azure Defender for IoT group at the Microsoft Security Response Center has revealed that such critical memory allocation flaws, dubbed BadAllocallow security controls to be bypassed in order to execute malicious code or cause systems to crash.

The vulnerabilities are present in memory allocation functions ranging from Real-Time Operating Systems (RTOS) Software Development Kits (SDKs) and C language libraries (libc).

Microsoft itself acknowledges that installing patches on IoT/OT devices can be complex, so it recommends trying to reduce the attack surface by minimizing the exposure of vulnerable devices on the Internet, monitoring networks for indicators of strange behavior, and strengthening the network segmentation process to protect critical assets.

As far as is known, the vulnerabilities have not been detected in the wild, but offer potential attackers a wide surface area to cause damage. The full list of affected products is available on the US Department of Homeland Security’s website.

Some experts point out that the rampant adoption rate of IoT devices is not necessarily good news, as security may have been left on the sidelines, opening up loopholes for attacks on devices and entire networks. A recent survey by Tripwire, which specializes in IT security and compliance automation, revealed that 99% of respondents said they have considerable difficulty when trying to secure IoT and IIoT (Industrial Internet of Things) devices. Two-thirds also said they face problems identifying and fixing

With the thought of helping developers, manufacturers, businesses, and consumers promote the security of IoT systems, OWASP (Open Web Application Security Project), a non-profit foundation working towards software security, maintains a list of the top 10 behaviors to avoid when it comes to the Internet of Things.

The truth is that there is a big disparity between how often the firmware of IoT devices is updated and how quickly vulnerabilities in their critical components are emerging. Who will lead this race in the coming years?

Related Article

Index measures companies’ readiness for IoT projects
Index measures companies’ readiness for IoT projects -

June 09, 2023

Engineer manager checking and controling automation robot arms machine Smart manufacturing: tangible results will be achieved in a year
Sheila Zabeu -

May 31, 2023

Credit: Jose-Luis Olivares/MIT with figure courtesy of the researchers New sensors keep IoT devices dormant to save energy
Sheila Zabeu -

May 22, 2023

Agtech sensor Sensors should help farmers save up to $6 billion a year
Sensors should help farmers save up to $6 billion a year -

May 19, 2023

Postes inteligentes Consortium updates protocol for lighting asset management
Consortium updates protocol for lighting asset management -

May 16, 2023

smart industry Industries underestimate complexity of IT/OT convergence
Industries underestimate complexity of IT/OT convergence -

May 11, 2023

Engineer working with automation robot arms machine in intelligent factory LoRaWAN standard is driving Industry 5.0 initiatives
Sheila Zabeu -

May 09, 2023

Researchers create method to extract lithium from hot deep water
Sheila Zabeu -

May 08, 2023

You need to subscribe, before you can post a message

Subscribe