Wired magazine is reporting on an emerging threat that’s making the internet vulnerable to attack: the iot vulnerability.
According to Wired, the vulnerability allows attackers to exploit a flaw in the way that iot devices are configured and are connected to the internet, allowing them to remotely compromise the devices.
The exploit, if discovered, would allow a remote attacker to remotely log onto a device, steal data from the device and then install malicious code on it, the magazine says.
The article cites two companies that have publicly disclosed the issue: Microsoft and Oracle, which both have software products designed to address the issue.
“The attack could be used by a hacker with a single device to exploit an existing flaw in iot’s security,” the Wired article says.
“If an attacker has compromised one device, they can then leverage the other device’s configuration to gain access to other iot-connected devices, potentially compromising them and potentially taking control of them.”
The attack was discovered by Microsoft researcher Mike Purdon in June.
IOT vulnerability can be exploited remotely, via browser exploit source Wired article Wired is reporting that an iot device could be remotely compromised by exploiting a flaw with the ios vulnerability.
If the exploit is discovered, an attacker could exploit the vulnerability by exploiting browser exploits.
In the article, Purdan notes that he discovered the vulnerability in February, and has reported it to Microsoft and Google, the companies that offer iot security solutions.
Purdon told Wired that he found the vulnerability while researching his own security research into iot and the internet of things, and was contacted by the iota company.
The iota device he was looking into is a Bluetooth-enabled smart car.
Google said that the vulnerability was patched in the latest version of the iots security software, Version 7.3.4, which is available for download from the company’s website.
The company added that Microsoft and Microsoft’s iot vendors, Xamarin and Google’s, have since made changes to their security policies.
“I have seen no evidence of the vulnerability being exploited,” Microsoft’s chief security officer Michael Alper told Wired.
“I’ve not seen evidence of it being exploited in production.
So that’s the only thing that’s causing me concern.”
The vulnerability is similar to one disclosed in March by the security firm Kaspersky Lab.
Kaspersk also reported that a similar flaw could be exploited by a remote attackers.
The vulnerability has been around for years, and Kaspersks research team, which included Purdun, said that it’s possible to exploit the flaw.
It’s possible, for example, to bypass a hardware password lock to allow an attacker to gain root access on a device.
“An attacker can use a specially crafted iot configuration to bypass the security mechanism of the device, thereby allowing remote attackers to take control of the system and gain root privileges on the device,” Kasperski wrote.
If an attack is discovered in this way, an administrator of the affected device could then install code that could execute arbitrary code, bypass any user-mode security restrictions and execute malicious code.
The vulnerabilities also affect iot tablets, which are designed to connect to the Internet via Wi-Fi.
Wired says that iots devices that are connected using a Bluetooth connection are not affected.
Wired reports that the iosphere vulnerability is being exploited by attackers who use browser exploits to exploit bugs in ios, and the researchers have no evidence that they have been used by the attackers.