IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

100 million IoT devices affected by zero-day flaw

Vulnerability could affect car, fire detection, and patient data sensors

Security researchers have uncovered a zero-day vulnerability in open source software from EMQ that could cause systems to crash and affect medical equipment.

Researchers found the flaw in NanoMQ, an MQ Telemetry Transport (MQTT) messaging engine and multi-protocol message bus for edge computing that is used for collecting real-time data from smartwatches, car sensors, fire detection sensors, and more, according to researchers at cyber security firm Guardara. 

The same technology is used to monitor health parameters via sensors for patients leaving the hospital and motion detection sensors to prevent theft.

The vulnerability could have significant implications for connected internet of things (IoT) devices dependent upon NanoMQ. 

Zsolt Imre, founder and CTO of Guardana, said on GitHub the problem lies in the MQTT packet length. This messaging protocol for IoT devices is designed to be an extremely lightweight publish/subscribe messaging transport for connecting remote devices with a small code footprint and minimal network bandwidth.

Imre said when the MQTT packet length is tampered with and is lower than expected, a memcpy operation receives a size value that makes the source buffer location points to or into an unallocated memory area. “As a result, nanomq crashes,” he said.

Related Resource

HP Wolf Security: Threat insights report

Equipping security teams with the knowledge to combat emerging threats

Skyscrapers from belowFree download

“The problem seems to be with how the payload length is calculated,” Imre added. “Suspected that the unusual packet length ‘msg_len’ is a smaller value than ‘used_pos,’ therefore the subtraction results in a negative number. However, ‘memcpy’ expects the size as ‘size_t,’ which is unsigned. Therefore, due to the casting of a negative number to ‘size_t’, the length becomes a very large positive number (0xfffffffc in case of this proof of concept).”

According to Guardara, the flaw could potentially put millions of lives and significant property at risk. The flaw was discovered using a new testing tool developed by the firm.

Mitali Rakhit, CEO at Guardara, said even though some issues may not be exploitable for remote code execution, as we rely more and more on software in our daily lives: “Even a single crash could be fatal depending on the circumstance. Reliability and availability are critical due to a shift in the world being consumed by software.”

Upon discovering the vulnerability, Guardara notified EMQ immediately via its disclosure process. The company reacted and resolved the issue within a day.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Recommended

'CryWiper' trojan disguises as ransomware, says Kaspersky
malware

'CryWiper' trojan disguises as ransomware, says Kaspersky

2 Dec 2022
Hyundai vulnerability allowed remote hacking of locks, engine
Security

Hyundai vulnerability allowed remote hacking of locks, engine

30 Nov 2022
Getting board-level buy-in for security strategy
Whitepaper

Getting board-level buy-in for security strategy

30 Nov 2022
Best free malware removal tools 2022
Security

Best free malware removal tools 2022

28 Nov 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
Salesforce co-CEO Bret Taylor resigns with cryptic parting message
Business operations

Salesforce co-CEO Bret Taylor resigns with cryptic parting message

1 Dec 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022