"100M IoT Devices Exposed By Zero-Day Bug"

Researchers at Guardara have discovered a flaw in a widely used internet-of-things (IoT) infrastructure code that left more than 100 million devices across 10,000 enterprises vulnerable to attacks.  Researchers at Guardara used their technology to find a zero-day vulnerability in NanoMQ, an open-source platform from EMQ that monitors IoT devices in real-time, then acts as a “message broker” to deliver alerts that a typical activity has been detected. EMQ’s products are used to monitor the health of patients leaving a hospital, detect fires, monitor car systems, in smartwatches, in smart-city applications, and more.  The researchers stated that their technology discovered multiple issues that caused EMQ’s NanoMQ product to crash during testing.  The researchers also noted that the existence of these vulnerabilities means that any NanoMQ reliant system could be brought down completely.  The vulnerability (no CVE) was assigned a CVSS score of 7.1, making it high-severity.  How dangerous it is depends on what setting NanoMQ is used in the researchers stated.

Threatpost reports: "100M IoT Devices Exposed By Zero-Day Bug"