Firmware scan finds thousands of vulnerable devices

There’s no shortage of threats to systems that IT pros have to worry about. But researchers have found even more vulnerabilities are soon to arrive, courtesy of backdoors and vulnerable firmware. 

In a paper due to be presented at the upcoming Usenix Security Symposium in San Diego, Eurecom researchers scanned 32,000 firmware images for known vulnerabilities.

They found:

  • 38 previously known vulnerabilities in firmware
  • 123 different products affected by vulnerabilities, and
  • at least 140,000 total vulnerable products.

Backdoors, a security vulnerability in the code that allows unauthorized access, also posed a major problem. The researchers found 35,ooo devices were using self-signed certificates, an insecure method for encryption.

Fast, cheap and out of control

As a researcher told ComputerWorld, part of the issue with these vulnerabilities is that manufacturers are in a hurry to get connected devices out to the public. Unlike computer and phone manufacturers, who regularly update security, with Internet of Things devices:

“You have to be first and cheap. All of those things are what you should not do if you want a secure device.”

That creates a nightmare situation for IT departments trying to secure devices.

Check regularly for firmware updates to be sure all your devices, including routers, are running the most up-to-date versions.

And stick with manufacturers that are known names for security. Flashes-in-the-pan won’t continue to update firmware, leaving devices vulnerable.