Security News > 2021 > September > 100M IoT Devices Exposed By Zero-Day Bug
A flaw in a widely used internet-of-things infrastructure code left more than 100 million devices across 10,000 enterprises vulnerable to attacks.
Researchers at Guardara used their technology to find a zero-day vulnerability in NanoMQ, an open-source platform from EMQ that monitors IoT devices in real time, then acts as a "Message broker" to deliver alerts that atypical activity has been detected.
MQTT is a messaging protocol standard for IoT, designed as an extremely lightweight publish/subscribe messaging transport for connecting remote devices with a small code footprint, requiring minimal network bandwidth.
"The technology within NanoMQ is used for collecting real-time data from common devices including smartwatches, car sensors and fire-detection sensors. Message brokers are used to monitor health parameters via sensors for patients leaving hospital, or motion detection sensors to prevent theft."
The software developer has issued fixes; users of devices that incorporate NanoMQ should check with their vendors for an update to device firmware.
Kaspersky released a report earlier this month that showed a more than 100 percent jump in cyberattacks on IoT devices during the first half of 2021, with a staggering 1.5 billion attacks launched so far this year.
News URL
https://threatpost.com/100m-iot-devices-zero-day-bug/174963/