100 million IoT devices affected by zero-day flaw
Vulnerability could affect car, fire detection, and patient data sensors
Researchers found the flaw in NanoMQ, an MQ Telemetry Transport (MQTT) messaging engine and multi-protocol message bus for edge computing that is used for collecting real-time data from smartwatches, car sensors, fire detection sensors, and more, according to researchers at cyber security firm Guardara.
The same technology is used to monitor health parameters via sensors for patients leaving the hospital and motion detection sensors to prevent theft.
The vulnerability could have significant implications for connected internet of things (IoT) devices dependent upon NanoMQ.
Zsolt Imre, founder and CTO of Guardana, said on GitHub the problem lies in the MQTT packet length. This messaging protocol for IoT devices is designed to be an extremely lightweight publish/subscribe messaging transport for connecting remote devices with a small code footprint and minimal network bandwidth.
Imre said when the MQTT packet length is tampered with and is lower than expected, a memcpy operation receives a size value that makes the source buffer location points to or into an unallocated memory area. “As a result, nanomq crashes,” he said.
HP Wolf Security: Threat insights report
Equipping security teams with the knowledge to combat emerging threatsFree download
“The problem seems to be with how the payload length is calculated,” Imre added. “Suspected that the unusual packet length ‘msg_len’ is a smaller value than ‘used_pos,’ therefore the subtraction results in a negative number. However, ‘memcpy’ expects the size as ‘size_t,’ which is unsigned. Therefore, due to the casting of a negative number to ‘size_t’, the length becomes a very large positive number (0xfffffffc in case of this proof of concept).”
According to Guardara, the flaw could potentially put millions of lives and significant property at risk. The flaw was discovered using a new testing tool developed by the firm.
Mitali Rakhit, CEO at Guardara, said even though some issues may not be exploitable for remote code execution, as we rely more and more on software in our daily lives: “Even a single crash could be fatal depending on the circumstance. Reliability and availability are critical due to a shift in the world being consumed by software.”
Upon discovering the vulnerability, Guardara notified EMQ immediately via its disclosure process. The company reacted and resolved the issue within a day.
Next-generation time series: Forecasting for the real world, not the ideal world
Solve time series problems with AIFree download
The future of productivity
Driving your business forward with Microsoft Office 365Free download
How to plan for endpoint security against ever-evolving cyber threats
Safeguard your devices, data, and reputationFree download
A quantitative comparison of UPS monitoring and servicing approaches across edge environments
Effective UPS fleet managementFree download