Known Security Vulnerabilities Are a Hacker's Guide to an IoT Breach

The Internet of Things is a powerful trend, but its growth could be hindered by unpatched open-source vulnerabilities.
By Tae Jin (TJ) Kang

Known Security Vulnerabilities
More than 90 percent of the software written these days integrates open-source code. Such code is used in IoT firmware, operating systems, network platforms and applications. This trend will only continue to grow because, by leveraging open-source, developers can lower assembly costs and quickly add innovations, thereby saving months or years of originally required development time.

Whether software code is proprietary or open-source, it harbors security vulnerabilities. Supporters of open-source argue that the accessibility and transparency of the code allow the "good guys"—corporate quality-assurance teams, white-hat hackers or open-source project groups—to find bugs faster.

Critics contend that more attackers than defenders examine the code, with the net effect of a higher incidence of vulnerability exploits. Fortunately, the open-source community rallies to address vulnerability issues. Once open-source vulnerabilities are discovered, they are quickly and publicly catalogued and patched.

Why Hackers Love Known Open-Source Security Vulnerabilities
Because of its transparency, open-source code tends to be better engineered than a comparable piece of proprietary code. And thanks to its superior quality and flexibility, open-source code is used more widely than its "closed code" counterpart. This means that a security vulnerability in a piece of open-source code is likely to be found across a multitude of applications and platforms. Consequently, OSS vulnerabilities become an easy and efficient target for hackers.

Additionally, known security vulnerabilities are essentially a roadmap for hackers to explore and exploit security issues within various connected systems—operating systems, Web platforms, Web applications and client applications, among many others. The accessibility of the OSS community provides hackers with ready-made lists of security vulnerabilities that they can exploit if IoT OEMs and their third-party development teams have not patched the software.

In fact, the unpatched security vulnerability is the inflection point at which government and corporate software distribution and security teams are most at odds with the bad-actor hackers. This raises an important question: If known security vulnerabilities are the easiest exploit for hackers, why is it a challenge for the OEMs, ISVs, MSPs, and IT and security teams to hinder their attacks?
