Information Security News mailing list archives
Firms Slow To Secure Flaws In Embedded Devices
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 23 Nov 2011 01:33:09 -0600 (CST)
http://www.darkreading.com/vulnerability-management/167901026/security/security-management/232200133/firms-slow-to-secure-flaws-in-embedded-devices.html By Robert Lemos Contributing Editor Dark Reading Nov 22, 2011At the Black Hat Security conference earlier this year, Jerome Radcliffe, a security researcher who has diabetes, showed off weaknesses in the security of a popular insulin pump. Last month, another researcher at security firm McAfee expanded on the attack, showing how the pumps could be easily attacked and that manufacturers were unprepared to fix the problem.
The hack of the insulin pump demonstrates a major problem with embedded devices: Most systems were never designed to be easily updated. With researchers increasingly looking at software systems embedded in automobiles, network routers, printers, and industrial control systems, a growing number of vulnerabilities will be found. Yet fixing those flaws in the field is not easy, says Stuart McClure, general manager of risk and compliance for McAfee.
"It takes a year to get any bit on the device changed," he says. "It is a big problem that has to be overcome in order to secure the systems."
Android phones are another example. While Google fixes the flaws on the devices quickly, many patches languish in manufacturers' development shops or in quality assurance testing at the carrier.
[...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isn
Current thread:
- Firms Slow To Secure Flaws In Embedded Devices InfoSec News (Nov 22)