Forgot your password?
typodupeerror
Security Encryption Linux

Study: Firmware Plagued By Poor Encryption and Backdoors 141

Posted by Soulskill
from the how-the-sausage-is-made dept.
itwbennett writes: The first large-scale analysis of firmware has revealed poor security practices that could present opportunities for hackers probing the Internet of Things. Researchers with Eurecom, a technology-focused graduate school in France, developed a web crawler that plucked more than 30,000 firmware images from the websites of manufacturers including Siemens, Xerox, Bosch, Philips, D-Link, Samsung, LG and Belkin. In one instance, the researchers found a Linux kernel that was 10 years out of date bundled in a recently released firmware image. They also uncovered 41 digital certificates in firmware that were self-signed and contained a private RSA encryption key and 326 instances of terms that could indicate the presence of a backdoor.
This discussion has been archived. No new comments can be posted.

Study: Firmware Plagued By Poor Encryption and Backdoors

Comments Filter:
  • Re:Of course (Score:4, Informative)

    by Lazere (2809091) on Tuesday August 12, 2014 @05:14PM (#47658213)

    Once you have IPV6, with no (supposed) need for firewalls.

    Why does somebody always have to trot this out? IPV6 does not mean no need for firewalls. It means no need for NAT. These are not the same thing. Please, please stop spewing this crap.

It is not for me to attempt to fathom the inscrutable workings of Providence. -- The Earl of Birkenhead

Working...