100M IoT Devices Exposed By Zero-Day Bug

Threat Post -

A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more.

A flaw in a widely used internet-of-things (IoT) infrastructure code left more than 100 million devices across 10,000 enterprises vulnerable to attacks.

Researchers at Guardara used their technology to find a zero-day vulnerability in NanoMQ, an open-source platform from EMQ that monitors IoT devices in real time, then acts as a “message broker” to deliver alerts that atypical activity has been detected. EMQ’s products are used to monitor the health of patients leaving a hospital, to detect fires, monitor car systems, in smartwatches, in smart-city applications and more.

“Guardara used its technology to detect multiple issues…that caused EMQ’s NanoMQ product to crash during testing,” the company said in a press statement. “The existence of these vulnerabilities means that any NanoMQ reliant system could be brought down completely.”

Guardara CEO Mitali Rakhit told Threatpost that the vulnerability (no CVE assigned) was given a CVSS score of 7.1, making it high-severity.

“How dangerous it is depends on what setting NanoMQ is used in,” Rakhit added.

The bug is caused by improper restriction of operations within the bounds of a memory buffer

Read More: https://threatpost.com/100m-iot-devices-zero-day-bug/174963/