The IBM information team, known as the "X -red force", announced that more than three billion units of units attached to the Internet of Things systems, which are widespread around the world, have a serious security loophole, allowing Internet criminalsThe electronic space is completely controlled by these units, and then influencing and manipulating the associated systems, to produce products that include manufacturing defects, cutting electrical current, or changing the results of diagnoses and pharmaceutical doses of patients, etc..The team said that, in cooperation with the company that produced these units, he corrected the vulnerability, and provided a security update to them.
Electronic chip
جاء في بيان نشره الفريق على غرفة الأخبار، في موقع شركة «آي بي إم»، أن الثغرة الجديدة موجودة في البرمجيات المدمجة بElectronic chip تنتجها شركة «تاليس» الفرنسية تحت اسم «سنتيريون إي إتش إس إم تو إم»، المصممة لإنشاء قنوات اتصال لاسلكية مؤمنة عبر شبكات الجيلين الثالث والرابع من الشبكات المحمولة، ويتم تثبيتها داخل الوحدات العاملة في أنظمة أنترنت الأشياء في المصانع وقطاع الطاقة والمستشفيات.
He explained that there are more than three billion actual operating slides around the world currently, and are present in different models of "Talis" devices, including the "BGS5" and "EHS5, 6 and 8", in addition to the "BD" deviceS5, 6 and 8, the ES 61 device, the ES81, and the BLS 62 device..
Details of the gap
The team indicated that the Sentreon EHSMOM segment is responsible for the task of sending and receiving data, to and from the Internet of Things, which is the similarity of the "modem" unit known in computers and phones, and the gap lies in a defect with software developed in the language of "Java" programmingInstalled on the slide, any striker or hacker can use it to install a harmful file on the slide, named "Java Midlitz", and as soon as it is installed, the attacker can change the unit settings at its lowest levels, and then manipulate it.
Diagnosis
وأكد الفريق أنه تمكن خلال عمليات الفحص والDiagnosis من تجاوز تطبيق «جافا»، وإعادة التحكم إلى المستوى المنخفض، ومن ثم التحكم في الوحدة بشكل مباشر، ما يعني أن المهاجمين والمخترقين باستطاعتهم تنفيذ الأمر نفسه، وتشغيل أوامر قياسية للوحدة النمطية، صادرة عنهم وليس عن النظام الملحقة بها.He added that installing the harmful "Java Midlitz" file leads to making the matter very dangerous, because it copies the standard orders issued by the attacker to the storage area secure unity, originally designed for writing only, so the attacker has the full ability to read, write and delete together, which leads to revelationOn the full logic of any application the unit is working on, including any secrets that include passwords, encryption switches, and other sensitive data, as well as it makes the theft of the Internet protocol, which the unit is working on is a very simple process..
Dangerous
The IBM team pointed out that the striker who can carry out the attack in the way the team carried out, during the examination and testing, will be able to control any device, or access the central control network in which this device operates, to launch large -scale attacks, Through the third and fourth generations of the mobile.
وأوضح أنه لو حدث هجوم من هذا النوع على مستشفى مثلاً، فيمكن للمهاجم التلاعب بالأجهزة الطبية التي يخترقها ليغير من نتائج الDiagnosisات والتحليلات والقياسات الحيوية للمرضى، لإيجاد حالات ذعر كاذبة، أو تحديد جرعة زائدة لأحد المرضى، أو قطع الوظائف الأساسية المنقذة للحياة عن البعض الآخر، وفي قطاع الطاقة والمرافق، أفاد الفريق بأنه يمكن تنفيذ هجوم يعيد معالجة قراءات العدادات الذكية، أو إغلاق العدادات لقطع التيار الكهربائي عن بعض المناطق، أو إتلاف شبكة الطاقة نفسها.
The necessity of correction
The IBM information team advised the institutions that have devices that use any of the segments produced by the company "Talis", to immediately accelerate the security correction of the discovered loophole with a rethinking of the data it stores and sensitive information on the Internet of Things, and the use ofBehavioral analysis to determine whether there is any unusual activity that occurs, and to perform "white moral penetration attacks" periodically, to verify safety levels and detect any infiltrators.
Shareطباعةفيسبوك تويتر لينكدين Pin InterestWhats App