Vulnerability In Java-powered 3G System Could Impact Millions Of IoT Devices

By ISBuzz Team
Writer, Information Security Buzz | Aug 23, 2020 08:13 pm PST

A vulnerability in Thales’ Cinterion EHS8 M2M module, a Java-powered embedded 3G system used in millions of Internet-of-Things devices for connectivity, was revealed yesterday, as reported by The Register. The bug (CVE-2020-15858) was discovered by IBM’s X-Force Red and disclosed to Thales, which addressed it in a patch made available to IoT vendors in February. The vulnerability allows an attacker to extract the code and other resources from a vulnerable device. With this information, an attacker could reverse-engineer the code to find further vulnerabilities to exploit and to recover secret keys and passwords, possibly leading to hijacking of the hardware and/or access to its network.

1 Expert Comment
Jake Moore, Global Cyber Security Advisor
August 24, 2020 4:15 am

The importance of patching has never been so vital, but when it comes to the internet of things, people tend to favour convenience over protection.

IoT devices are notorious for weak security and a lack of updates from users. However, once a threat actor has access via an insecure device, they can penetrate other, more important devices behind the firewall and deploy further devious attacks.

If your IoT device offers auto-updating and two-factor authentication, then it is vital that they are implemented.
