Marcus Carey, security researcher at Rapid7
March 01, 2012
Threat of the month

Threat of the month: Compromised embedded systems

What is it?
Embedded systems are small computing or logic devices that can connect to the internet. These are often deployed without network perimeter protection, such as a firewall. These devices are seldom patched, leaving them vulnerable to remote and local exploits.

How does it work?
The embedded systems are deployed with default configurations, so attackers can easily login and change critical systems, potentially causing real-world damage.

Should I be worried?
Embedded systems are usually treated with less security focus than workstations or servers, which is a huge mistake.

How can I prevent it?
I recommend placing devices behind network perimeter devices when possible. Default usernames and authentication credentials should also be changed. Another preventative measure is ensuring all embedded devices have up-to-date firmware/software.
From the March 2012 Issue of SCMagazine »
Related Articles
Related Topics
close

Next Article in Features

More in Features

Behind the scenes: Privacy and data-mining

Behind the scenes: Privacy and data-mining

With data-mining firms harvesting personal information from online activity, privacy advocates, if not yet consumers, are alarmed, reports James Hale.

The great divide: Reforming the CFAA

The great divide: Reforming the CFAA

Aaron Swartz's death inspired Rep. Zoe Lofgren to want to reform the federal anti-hacking law, but some security pros worry this would sterilize a potent enforcement weapon, reports Dan Kaplan.

Suspect everything: Advanced threats in the network

Suspect everything: Advanced threats in the network

Are there ways to catch sophisticated malware that hides in trusted processes and services? Deb Radcliff finds out.