Microsemi Corporation, a provider of semiconductor solutions differentiated by power, security, reliability and performance, announced its products, including its field programmable gate arrays (FPGAs), are not affected by the recently identified security flaws associated with the use of x86 and ARM® and a number of other processors. The announcement comes as security researchers recently revealed major computer chip vulnerabilities, called Spectre and Meltdown, in chips—affecting billions of devices globally.
“As a leader in security, we strive to ensure our products are immune to both existing and potential new threats or vulnerabilities,” said Jim Aralis, chief technology officer and vice president of advanced development at Microsemi. “As soon as news broke about Meltdown and Spectre, Microsemi immediately assessed its existing products with thorough analysis of the architecture and intellectual property (IP) blocks with its internal security experts. The assessment clearly concluded that none of the processor cores embedded with the associated use models in Microsemi products are impacted by these weaknesses.”
Not only are Microsemi’s FPGAs not affected by Spectre or Meltdown, the company’s devices also offer multiple security layers for maximum protection. In addition to its SmartFusion™ and SmartFusion2 FPGAs, and communications and storage products—which do not have either security flaw—the company’s soft RISC-V core and its RISC-V IP provider are also unaffected by the security issues. As a leader in hardware security, Microsemi is well-known for its cybersecurity and malware expertise, offering customers the highest levels of design and data security.
Both Spectre and Meltdown affect speculative execution in modern computer chips, but they can be abused via various methods. Microsemi offers a heightened level of security compared with competitors whose products have these vulnerabilities, as its hard and soft central processing units (CPUs) are not affected by this issue and in fact enhance security by protecting against various side-channel attacks.
By Susan Hamlin
We are celebrating our 20th anniversary this December and have found ourselves reflecting over these last two wonderful decades. One of the most important organizational objectives we have here at ARIN is our community outreach efforts. We make it a priority to reach out to you, our community, to provide the tools and advice you need when it comes to Internet number resources. We have hosted and attended an incredible number of events over the years, and thought it would be fun to look back and share where we’ve been and what we’ve accomplished with our community.
What kind of outreach do we do?
Each year, we host or attend a number of different events. Twice annually we hold our Public Policy and Members Meetings in the second and fourth quarters in various locations throughout our region. These meetings provide an opportunity for the entire Internet community to engage in policy discussions, network with colleagues, and attend workshops and tutorials. Everyone with an interest in Internet number resources is welcome to attend the Public Policy & Members Meetings and registration is free!
We also host many ARIN on the Road events around our region throughout the year. These free events provide local communities with the latest news from ARIN, covering everything from requesting IP addresses and Autonomous System Numbers (ASNs) to the status of IPv6 adoption, to current policy discussions, and updates about our technical services. Did you know that you can request an ARIN on the Road in your city, town, or metro area? I encourage you to send an email to firstname.lastname@example.org if you believe your local Internet community would be interested in participating.
While we do discuss IPv6 at ARIN on the Road, that is not the only way we continue to spread the word in support of IPv6 deployment. Our message has evolved since we started actively promoting IPv6 in 2007, when we set up our TeamARIN site and began exhibiting at major industry shows. Today we exhibit at fewer tradeshows, but we do send speakers to many events across a wide range of industries, where we encourage organizations to prepare for the future by enabling IPv6 on their websites.
Additionally, members of our team attend community events around the world. Whether it be other RIR meetings, Internet Governance events, or partners such as NANOG or CARIBNOG, we believe it’s important to show our support to the wider Internet community. For a full list of events we host or attend, check out our events page.
Where was our first meeting?
Our first members meeting took place in Chantilly, Virginia on 20 March 1998. Since then, we’ve held a total of 40 meetings over the last 20 years!
Where was our first AOTR?
Our first ARIN on the Road event was held in Phoenix, Arizona on 17 August 2010. Since then we have held an additional 46 AOTR events and counting!
How can you get involved?
Phew! As you can see, we’ve done a lot over the last 20 years, but we’ve only just begun. We plan to continue expanding our outreach efforts around our region, including a continued focus on the Caribbean, and it is all possible thanks to our wonderful community.
There are so many ways you can continue to get involved with ARIN, including:
- Subscribe to our mailing lists to discuss Internet number resource policy development and keep up with ARIN services and activities
- Attend an ARIN meeting – We have great remote participation capabilities if needed
- Don’t forget you can apply for a fellowship! We are accepting fellowship applications to ARIN 41 in Miami 15-18 April 2018
- Attend our ARIN on the Road events
- Member organizations, get involved in our election process
The post On the Road Again: Highlights from ARIN’s Outreach appeared first on Team ARIN.
Cradlepoint, a provider of cloud-managed networking solutions over wired and wireless broadband, announced the general release of its NetCloud Perimeter service, a Software-Defined Perimeter solution that provides a private cloud network over any Internet connection to secure and isolate connected devices, including M2M, IoT and mobile devices. NetCloud Perimeter provides a modern, cloud-based alternative to traditional VPN technology that is easier to configure, deploy and scale.
A recent Cradlepoint-sponsored State-of-IoT report conducted by Spiceworks found 69% of the 400 businesses surveyed with 500 or more employees have deployed or plan to deploy IoT solutions within the next year. IoT is being adopted across a range of industries such as retail, manufacturing, healthcare and government. Of the deployment concerns cited in the survey, security and solution cost ranked highest at 41% and 35%.
Despite security concerns, 49% of businesses surveyed have deployed IoT devices on their existing enterprise network – creating a sizeable attack surface and new threat vectors that traditional network security tools can’t cover. For example, Internet-accessible security cameras can become infected by botnet attacks, like Mirai, Reaper and IoTroop, and enable pivot attacks into enterprise IT systems.
“The growth of the IoT means the deployment of many more network-connected devices. For many organisations that don’t have the correct solutions in place, this is opening up more entry points for hackers to exploit, and leading to major security issues,” said Christian Renaud, research director, Internet of Things, 451 Research. “Organisations need to consider which network they run their IoT service on, and then ensure they manage the security of these networks, the IoT devices they plan to use and proactively protect themselves before any potential threats even appear.”
Connect, protect and isolate M2M, IoT and mobile devices
NetCloud Perimeter, part of Cradlepoint’s NetCloud platform, is a cloud service that shields enterprises from device-oriented threats by providing a private cloud network that overlays the Internet or enterprise network with a virtual perimeter that isolates and protects M2M, IoT and mobile devices. It further provides a closed, invitation-only network with its own private IP address space to cloak devices from the outside world.
Other unique benefits of NetCloud Perimeter include:
- Simple to configure and deploy in minutes
- Global footprint that is accessible from any wired or wireless connection
- End-to-end visibility and control through NetCloud Manager
- Micro-segment M2M, IoT and mobile devices by user, device and application
- Configurable secure Internet egress protected by integral firewall and carrier-grade NAT
- Active Directory and private DNS server integration shields against DNS-related threats
When deployed over 4G LTE, NetCloud Perimeter’s encrypted and fully switched overlays can reduce the need for costly and complex private Access Point Networks (APNs) and static IPv4 addresses that are scarce on many cellular networks.
“The way you connect and protect an IoT device network with potentially hundreds of thousands of Internet-attached endpoints is very different from the traditional enterprise security model for branch sites and WinTel PCs,” said Ken Hosac, vice president of Cradlepoint IoT Solutions and Ecosystem. “NetCloud Perimeter represents a clean-slate approach to device networking that combines a Software-Defined Perimeter architecture with private […]
Renesas Electronics, a supplier of advanced semiconductor solutions, announced the availability of the new RZ/N1 microprocessor (MPU) Solution Kit designed to support various industrial network applications including programmable logic controllers (PLCs), intelligent network switches, gateways, operator terminals and remote I/O solutions.
The new RZ/N1 Solution Kit is a complete development package that includes the hardware and software to enable faster prototyping of industrial Ethernet protocols such as EtherCAT, EtherNet/IP™, ETHERNET Powerlink, PROFINET, Sercos, and CANopen, thereby accelerating development and saving up to six months of industrial network protocol integration into customers’ applications.
The new kit includes a CPU development board based on the RZ/N1S MPU. In addition, a comprehensive software package is included with all the drivers and middleware, sample protocol stacks, U-Boot and Linux-based BSP, unique inter-processor communication software, and even a user-friendly PinMuxing tool that generates C-code header files, removing the complexity of pin configuration. The various software and sample code provide customers with a complete set of tools and frameworks to build their own application without any additional up-front costs or complexity.
Key features of the new RZ/N1 solution kit:
Enhanced operating system flexibility
Developers can now evaluate using the operating system (OS) ThreadX® for the applications subsystem, in addition to Linux that is already supported by the RZ/N1. This enables system developers to choose an OS depending on their specific application requirements. Both OS options support the leading industrial Ethernet protocols that have been implemented on RZ/N1.
Linux: A widely used OS with a very large knowledge base community. For Yocto-based Linux development, Renesas provides the respective Yocto recipes to build the Linux, U-Boot and root file system. Using Qt’s abstracted set of APIs, GUI applications can also be developed and ported to different targets.
ThreadX: Renesas provides a sample reference port of Express Logic’s X-Ware IoT platform powered by ThreadX on the application subsystem. ThreadX is designed specifically for deeply embedded, real-time, and IoT applications. It provides advanced scheduling, communication, synchronisation, timer, memory management, and interrupt management facilities.
Enables PLC programming compatible with IEC 61131-3 by CODESYS
The new solution kit allows evaluation of CODESYS, a hardware-independent IEC 61131-3 development system for programming and creating programmable logic controller (PLC) applications. Among others, it supports Industrial Ethernet master stacks for EtherCAT, EtherNet/IP, Sercos, CANopen and PROFINET.
Furthermore, the embedded LCD controller featured in the RZ/N1D makes great use of the CODESYS target visualisation tool, enabling product development with graphical visualisation screens. Having CODESYS support enables the device to act either as a protocol slave device or as a master, which highlights the flexibility of the RZ/N1 Group MPUs.
The enhanced RZ/N1 Solution Kit for the RZ/N1D and RZ/N1S Groups of MPUs is available now through Renesas Electronics and representative distributor partners. The solution kit for the RZ/N1L is scheduled to be available in 1H 2018. The kit includes a variety of sample applications, development tools, drivers as well as evaluation versions of the protocol stacks for faster prototyping and integration.
Renesas will demonstrate the new kit at SPS IPC Drives 2017 (stand 130 in Hall […]
Renesas Electronics, a supplier of advanced semiconductor solutions, and SEGGER, a provider of software, hardware, and development tools for embedded systems, announced a collaboration that makes SEGGER’s powerful emWin GUI software package available for commercial use at no cost to customers using the new lineup of Renesas RX65N/RX651 microcontrollers (MCUs). Engineers that develop a human-machine interface (HMI), or any commercial system based on an RX65N/RX651 device will receive a free license to use the emWin library version, including its full suite of tools.
The emWin embedded GUI software is compatible with single-task and multitask environments using a proprietary operating system, or with any commercial RTOS such as SEGGER’s embOS. Designed for ultra-low power consumption, embOS can be used in any battery-powered application. A de-facto industrial standard, emWin can be found in all market segments, including industrial, medical, consumer, smart home, white goods, and automotive.
The RX65N/RX651 MCUs combine an enhanced RX CPU core architecture and 120 MHz operation to achieve processing performance of 4.55 CoreMark/MHz. The MCUs include an integrated Trusted Secure IP, enhanced, trusted flash functionality, and an HMI for industrial and network control systems operating at the edge of the Industrial Internet of Things (IIoT).
The RX65N/RX651 MCUs also include an embedded TFT controller and integrated 2D graphic accelerator with advanced features ideal for TFT displays designed into IIoT edge devices or system control applications. Selecting a display size up to WQVGA allows its large 640 KB of on-chip RAM to be used as display frame buffer, which saves external RAM to ensure a cost-optimised design.
“This emWin agreement with SEGGER gives our RX65N/RX651 MCU customers a powerful and flexible GUI software to ensure their HMI design is optimised with no extra software investment,” said Tim Burgess, senior director, Renesas Electronics Corporation. “Working closely with embedded experts like SEGGER enhances our ability to provide the flexibility, reliability, scalability and ease of use desired by customers developing the next generation of the IIoT.”
“Renesas’ cutting-edge RX65N/RX651 MCUs are now complemented by the market-leading GUI emWin that will make software engineers even more efficient creating any kind of HMI for their applications,” said Harald Schober, director Marketing and Sales at SEGGER. “The RX65N/RX651 devices integrate a powerful graphic accelerator and floating-point unit, enabling a rich and visually pleasing graphic experience. Of course, these features are fully supported by emWin, which makes our GUI and the RX65N/RX651 MCUs a perfect match.”
By Gerard Best
IBM Security, Packet Clearing House (PCH) and Global Cyber Alliance (GCA) unveiled a free Domain Name System (DNS) service designed to protect all Internet users from a wide range of common cyber threats. Launched on November 16 with simultaneous press events in London, Maputo and New York, the public DNS resolver has strong privacy and security features built-in, and can be enabled with a few changes to network settings, as outlined on the organization’s website.
Using the IP address 9.9.9.9, the aptly named Quad9 service leverages IBM X-Force threat intelligence and further correlates with more than a dozen additional threat intelligence feeds from leading cybersecurity firms, in order to help keep individual users’ data and devices safe. It automatically protects users from accessing any website or internet address identified as dangerous.
“Leveraging threat intelligence is a critical way to stay ahead of cybercriminals,” Jim Brennan, Vice President Strategy and Offering Management, IBM Security, said in a release. “Consumers and small businesses traditionally didn’t have free, direct access to the raw data used by security firms to protect big businesses. With Quad9, we’re putting that data to work for the industry in an open way and further enriching those insights via the community of users. Through IBM’s donating use of the 9.9.9.9 address to Quad9, we’re applying these collaborative defense techniques while giving users greater privacy controls.”
The open, free service became the latest to provide security to end users on a global scale by leveraging the DNS system to deliver a smart threat intelligence feed.
“Quad9 is a free layer of protection that can put the DNS to work for all Internet users,” said John Todd, executive director of Quad9. “It allows optional encryption of the query between the user and the server, and it minimises the amount of data that can leak to unknown destinations. And it uses DNSSEC to cryptographically validate the content of the DNS answers that it’s passing back to users for domain names that implement this security feature.”
It allows users to select from secure and unsecured service, the latter being for more advanced users who may have specific reasons they want to get to malware or phishing sites, or who want to perform testing against an unfiltered DNS recursive resolver. The service can also be extended to IoT devices, which face vulnerabilities such as botnet command-and-control requests.
Not only does Quad9 help Internet users avoid millions of malicious websites, but it also promises to help keep their browsing habits private. Deep-pocketed online advertisers are constantly investing in ways to take personal data from unsuspecting Internet users, in order to edge out competitors and expand markets. Frequently, low-security DNS servers are used to build extensive personal profiles of Internet users, including their browsing habits, location and identity. Many DNS providers, including many larger ISPs, are already in the lucrative business of storing personal data for resale to market research firms or digital advertising groups.
A further blow was struck in April when the US Federal Communications Commission repealed broadband privacy rules that would have required Internet service providers to get consumer consent before selling or sharing personal information with advertisers and other companies. But the fight is far from over. With the launch of Quad9, a group of Internet non-profits has made available a free service specifically designed to put Internet users back in control of their personal data.
The service is deliberately engineered to not store or analyze personally identifiable information (PII). Todd said that decision was, in part, a deliberate stance against the ingrained practice among Internet service providers (ISPs) who collect and resell private information to commercial data brokers such as online marketers.
“Our foremost goal is to protect Internet users from malicious actors, whether the threat be from malware or fraud or the nonconsensual monetization of their privacy. Quad9 doesn’t collect or store any PII, including Internet Protocol addresses. We don’t have accounts or profiles or ask who our users are. Since we don’t collect personal information, it can’t be sold or stolen,” he said.
The new service comes at a time when better protection of consumer data and Internet user privacy are being demanded by stakeholders, including governments. In May 2018, the European Union will adopt the General Data Protection Regulation (GDPR), a set of sweeping regulations meant to protect the personal data and privacy of its citizens.
Like their counterparts in Europe and USA, Caribbean stakeholders also stand to gain from these security and privacy benefits. By some estimates, global cybercrime will cost approximately $6 trillion per year on average through 2021. For businesses in developing economies of the Caribbean, cybercrime is a major concern. Around the region, legislators, law enforcement officials and security experts are locked in a struggle to keep pace with the escalating sophistication of transnational cybercriminal operations. The high cost typically involved in protecting against attacks by blocking them through DNS could explain why that technique has not been used widely by Caribbean businesses and Internet users.
“Sophisticated corporations can subscribe to dozens of threat feeds and block them through DNS, or pay a commercial provider for the service. However, small to medium-sized businesses and consumers have been left behind — they lack the resources or are not aware of what can be done with DNS. Quad9 solves these problems. It is memorable, easy to use, relies on excellent and broad threat information, protects privacy and security, and is free,” Phil Reitinger, president and CEO of GCA, said in a release.
The new Quad9 service shares the global infrastructure of PCH, a US-based non-profit which has over the last two decades established the world’s largest authoritative DNS service network, extending from heavily networked parts of North America, Europe and Asia to the less well-connected areas of sub-Saharan Africa and the Caribbean. PCH hosts multiple root letters and more than 300 TLDs on thousands of servers in 150 locations across the globe.
Quad9 has 100 points of presence in 59 countries, including 12 in the Caribbean, and plans to double that location count by 2019. Leveraging the expertise and global assets of PCH, the new DNS service promises to offer security and privacy to users in the Caribbean, without compromising speed. Bill Woodcock, executive director of Packet Clearing House, said Quad9 users in those regions could actually experience noticeable improvements in performance and resiliency.
“Many DNS service providers are not sufficiently provisioned to be able to support high-volume input/output and caching, and adequately balance load among their servers. But Quad9 uses large caches, and load-balances user traffic to ensure shared caching, letting us answer a large fraction of queries from cache. Because Quad9 shares the PCH DNS infrastructure platform, all root and most TLD queries can be answered locally within the same stack of servers, without passing query onward and making it vulnerable to interception and collection by others. When Quad9 does have to pass a query onward to a server outside of our control, unlike other recursive resolvers, we use a variety of techniques to ensure that the very minimum necessary information leaves our network and users’ privacy is maximised,” he said.
“This is a service that is squarely aimed at improving the Internet security and privacy situation for the global Internet user base, not just the developed world,” he added. “The fact that we can do it faster is just icing on the cake.”
Written by Gerard Best, Development Journalist
Italtel, a telecommunications company in IT system integration, managed services, Network Functions Virtualisation (NFV) and all-IP solutions, has launched an Open Innovation program, which will see it collaborate with start-ups and new businesses to leverage emerging technologies for applications such as Industry 4.0, Smart Cities and Digital Healthcare.
The program will see Italtel collaborate with start-ups and smaller enterprises to develop and test their solutions, with the goal of jointly commercialising them. It will initially focus on the Internet of Things (IoT), Blockchain and cybersecurity technologies.
“Italy has a rich entrepreneurial fabric which stimulates creativity and innovative ideas, but start-ups and small businesses are often limited in what assets they have to develop these ideas further,” said Luca Ferraris, head of Strategy, Innovation & Collaboration, at Italtel. “This is why this program is so important; it provides an innovation network and an opportunity to collaborate which is not limited to the laboratory.”
The use of physical spaces, test plants and IT resources are among the resources Italtel can offer to program participants in Settimo Milanese and Carini (Palermo). In exchange for this support, Italtel will be able to utilize the technologies and applications created under the program and quickly bring them to market.
Since the launch of the program six months ago, 60 participating companies have already received appraisal for their ground-breaking work, leading to new opportunities in Industry 4.0.
“The scheme is a great opportunity for our partners to receive support in overcoming key industry hurdles frequently faced when launching new products and to have a platform which enables them to reach global markets,” added Ferraris.
In a joint project, IBM Security along with Packet Clearing House (PCH) and The Global Cyber Alliance (GCA) today launched a free service designed to give consumers and businesses added online privacy and security protection. The new DNS service is called Quad9 in reference to the IP address 9.9.9.9 offered for the service. The group says the service is aimed at protecting users from accessing malicious websites known to steal personal information, infect users with ransomware and malware, or conduct fraudulent activity.
Quad9 is said to provide these protections without compromising the speed of users’ online experience. From the announcement: “Leveraging PCH’s expertise and global assets around the world, Quad9 has points of presence in over 70 locations across 40 countries at launch. Over the next 18 months, Quad9 points of presence are expected to double, further improving the speed, performance, privacy and security for users globally. Telemetry data on blocked domains from Quad9 will be shared with threat intelligence partners for the improvement of their threat intelligence responses for their customers and Quad9.”
— The Genesis of Quad9: “Quad9 began as the brainchild of GCA. The intent was to provide security to end users on a global scale by leveraging the DNS service to deliver a comprehensive threat intelligence feed. This idea led to the collaboration of the three entities: GCA: Provides system development capabilities and brought the threat intelligence community together; PCH: Provides Quad9’s network infrastructure; and IBM: Provides IBM X-Force threat intelligence and the easily memorable IP address (9.9.9.9).”
— Philip Reitinger, President and CEO of the Global Cyber Alliance: “Protecting against attacks by blocking them through DNS has been available for a long time, but has not been used widely. Sophisticated corporations can subscribe to dozens of threat feeds and block them through DNS, or pay a commercial provider for the service. However, small to medium-sized businesses and consumers have been left behind — they lack the resources, are not aware of what can be done with DNS, or are concerned about exposing their privacy and confidential information. Quad9 solves these problems. It is memorable, easy to use, relies on excellent and broad threat information, protects privacy, and security and is free.”
A bird’s-eye view of a playground. The inside of a convenience store. The entrance to a home.
All of these scenes, recorded live by Internet-connected surveillance cameras, have been open to snooping by even the most novice hackers, say researchers at Refirm Labs, a new startup founded by ex-National Security Agency workers. Anyone could remotely view these and scores of other remote locales through a vulnerability affecting certain surveillance cameras manufactured by TRENDnet, a California-based gadget-maker, they said.
Refirm is set to disclose this and other critical vulnerabilities affecting other devices, such as TRENDnet and Belkin routers as well as Dahua security cameras, on Wednesday. The company previewed its findings exclusively with Fortune in the lead-up to their publication.
“I wouldn’t even call this a hack because it doesn’t take any sophistication,” said Terry Dunlap, cofounder and CEO of Refirm, about the vulnerability, which affects TRENDnet’s TV-IP344PI camera model. Tuning into these cameras’ video feeds requires neither authorization nor authentication, but merely the knowledge of a device’s IP address, an easily obtained bit of identifying information, Dunlap said.
The findings call into question whether TRENDnet has been taking the security of its products seriously enough in the wake of a 2014 settlement with the Federal Trade Commission that found its security to be lax. TRENDnet was forced to abide by tightened regulatory standards–bolstering its information security program and submitting to regular security audits–after a severe vulnerability allowed attackers to monitor and expose hundreds of video feeds from faulty cameras.
The latest version of the TRENDnet camera still has flaws that allow attackers to gain total control of a given camera, to use it to launch other attacks, to “brick” or destroy it, to meddle with its video outputs, or to install new programming instructions on it, the researchers said.
You can watch a demonstration of how hackers can take advantage of some of the bugs here.
TRENDnet was notified of the vulnerabilities this week, Dunlap said.
“We have just received this report, and TRENDnet is currently reviewing it to validate the authenticity of each claim,” said Emily Chae, a spokesperson for TRENDnet, in an email to Fortune on Tuesday. “All TRENDnet products are tested by an internal audit team, and TRENDnet cameras go under further testing by a leading 3rd party security group. We will release a patch soon for any confirmed vulnerabilities.”
Other findings by Refirm included security holes in Belkin routers (model F9K1124v1), TRENDnet routers (TEW-816DRM), and a Dahua security camera (IPC-HDW4300S). The bugs could allow hackers to hijack devices, to meddle with their inner workings, to siphon data from networks, or to burrow deeper inside of them, the researchers said.
Dunlap’s team notified Belkin about the vulnerabilities affecting its products in two reports released in June and Oct. by his previous company, Tactical Network Solutions. Belkin released patches soon after.
“All three vulnerabilities have been addressed and we recommend that Belkin customers update their routers to this latest firmware,” said Karen Sohl, a spokesperson for Belkin.
Like TRENDnet, Dahua is only just learning about the issues affecting their products. Refirm is urging people to avoid Dahua’s products entirely, since it says many of them include hardcoded credentials that allow anyone to tamper with a device’s firmware or install backdoors.
The Refirm team provocatively suggested that this may have been done intentionally.
“This vulnerability is not the result of an accidental logic error or poor programming practice, but rather an intentional backdoor placed into the product by the vendor,” the researchers wrote. “Given that many other Dahua products contain this exact same backdoor, we strongly recommend against connecting any Dahua products to critical or sensitive networks.”
Refirm didn’t explain why Dahua would want to do such a thing, and Dahua did not immediately respond to Fortune’s request for comment.
In most cases, Dunlap says, “if developers implemented secure coding practices from the very start, a significant number of IoT [Internet of Things] attacks would not exist today.”
Where patches are not available, as is the case for TRENDnet and Dahua, Refirm advises people to sequester their cameras and routers away from internal networks, to limit their access to sensitive resources, or to remove them entirely until further notice.