"Remote Exploit Flaw Found in Millions of Connected IoT Devices"

IBM X-Force Red security researchers found a security flaw in components manufactured by Thales, which are included in millions of Internet of Things (IoT) devices. Thales produces components for over 3 billion devices used by 30,000 companies in different sectors, including healthcare. An attacker can remotely exploit the IoT vulnerability to control a device or access an enterprise network. The vulnerability can be found in Thales' Cinterion EHS8 M2M module, which has been installed in millions of connected devices within the last ten years. Other modules in Thales' products that are impacted by the vulnerability include BGS5, EHS5/6/8, PDS5/6/8, ELS61, ELS81, and PLS62. These modules are mini circuit boards that provide IoT devices the capability of mobile communication. They store and run Java code containing passwords, encryption keys, and other confidential information. If a hacker were to gain direct control of an unpatched module, they could instruct a device to give a medical patient an excess amount of medication or disrupt a power grid. This article continues to discuss the IoT vulnerability in relation to where it was discovered, what its exploitation could allow hackers to do, and its patching process.

HealthITSecurity reports "Remote Exploit Flaw Found in Millions of Connected IoT Devices"