A vulnerability in Thales’ Cinterion EHS8 M2M module, a Java-powered embedded 3G system used in millions of Internet-of-Things devices for connectivity, was revealed yesterday, as reported by The Register. The bug (CVE-2020-15858), was discovered by IBM’s X-Force Red and disclosed to Thales, who addressed it in a patch made available to IoT vendors in February. This vulnerability makes it possible for a potential attacker to extract the code and other resources from a vulnerable device. When bad actors have this information, they could then reverse-engineer it to find further vulnerabilities to exploit, and secret keys and passwords to extract, possibly leading to miscreants hijacking the hardware and/or gaining access to its network.
Vulnerability In Java-powered 3G System Could Impact Millions Of IoT Devices
Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics