http://www.darkreading.com/vulnerability-management/167901026/security/security-management/232200133/firms-slow-to-secure-flaws-in-embedded-devices.html By Robert Lemos Contributing Editor Dark Reading Nov 22, 2011 At the Black Hat Security conference earlier this year, Jerome Radcliffe, a security researcher who has diabetes, showed off weaknesses in the security of a popular insulin pump. Last month, another researcher at security firm McAfee expanded on the attack, showing how the pumps could be easily attacked and that manufacturers were unprepared to fix the problem. The hack of the insulin pump demonstrates a major problem with embedded devices: Most systems were never designed to be easily updated. With researchers increasingly looking at software systems embedded in automobiles, network routers, printers, and industrial control systems, a growing number of vulnerabilities will be found. Yet fixing those flaws in the field is not easy, says Stuart McClure, general manager of risk and compliance for McAfee. "It takes a year to get any bit on the device changed," he says. "It is a big problem that has to be overcome in order to secure the systems." Android phones are another example. While Google fixes the flaws on the devices quickly, many patches languish in manufacturers' development shops or in quality assurance testing at the carrier. [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Tue Nov 22 2011 - 23:33:09 PST
This archive was generated by hypermail 2.2.0 : Tue Nov 22 2011 - 23:35:51 PST