Security News > 2020 > August > IBM finds vulnerability in IoT chips present in billions of devices
A security flaw in a series of IoT connectivity chips could leave billions of industrial, commercial, and medical devices open to attackers.
EHS8 modules are built for industrial IoT machines that operate in factories, the energy sector, and medical roles, and are designed to create secure communication channels over 3G and 4G networks.
Luckily, Thales has been working with IBM since it discovered the vulnerability in September 2019, and has released a security patch for affected devices, which includes Thales' BGS5, EHS5/6/8, PDS5/6/8, ELS61, ELS81, and PLS62 modules as well.
As IBM notes, the role that machines with EHS8 modules fill makes this a critical security flaw.
The vulnerability stems from the embedded Java environment, which allows the installation of Java midlets for customization of the module.