IoT, Medical Devices, Connected Cars All Vulnerable to Hackers
The Internet of Things, pacemakers, and driverless/semi-autonomous vehicles were all in cybersecurity news this week. And if that doesn’t get your pulse a-racing, take a gander at threat vectors such as electronic bank robberies, digitally enabled high-seas piracy and cyberattacks against electrical grids (all real crimes, I kid you not).
In other news, Google released the latest stable version of Chrome this Monday, which includes patches for 30 vulnerabilities, including five high-severity issues (which incidentally earned four-figure bounties for their reporters).
More open source security and cybersecurity news below…
via IoT Now: As open source use continues to increase, effective management of open source security risk is increasingly important. But in the rush to bring IoT devices to market, manufacturers are often giving insufficient attention to the additional security exposures created when systems become increasingly connected.
The Need to Manage Open Source Vulnerabilities and Licence Risks
via Cloud + Enterprise Technology: Given that open source is at the core of commercial application development, it should be no surprise that almost all — 96 percent — of the applications scanned in the COSRI analysis utilised open source, with the respective applications having nearly 150 unique open source components on average. What may come as a surprise was that 67 percent of the applications containing open source also had known vulnerabilities, and legal risks were even more widespread.
via Black Duck blog (Mike Pittenger): All four pacemakers examined contained open source components with vulnerabilities, and roughly 50% of all components included vulnerabilities. Most shockingly, the pacemakers had an average of 50 vulnerabilities per vulnerable component and over 2,000 vulnerabilities per vendor.
via Forbes: Unsurprisingly, ransomware is exploding in popularity, as the low-cost, easily usable malware proves continually effective at extracting money. But there are grander threat vectors looming: crimes such as electronic bank robberies, digitally enabled high-seas piracy and cyberattacks against electrical grids are not science fiction premises; rather, they are real crimes that will only grow more common.
via siliconANGLE: Open source technology is not just a tool for developers anymore. Two 2016 surveys highlight the prevalence of open-source adoption for businesses of all sizes. Both surveys indicate that around 90 percent of respondents — comprising enterprise, mid-market and small businesses — have entered into the open-source ecosystem.
via NY Times: In 2014, for example, some curious Tesla Model S owners did some tinkering and claimed to have discovered a customized version of a type of Linux software called Ubuntu. Ubuntu 10.10 was first released in October 2010 and has not been supported since December 2014. “In effect, that means the operating system in your car was deprecated before you bought it,” Mr. Rogers said.
via NY Times: But as more driverless and semiautonomous cars hit the open roads, they will become a more worthy target. Security experts warn that driverless cars present a far more complex, intriguing and vulnerable “attack surface” for hackers. Each new “connected” car feature introduces greater complexity, and with complexity inevitably comes vulnerability.
via BostInno: From Lou Shipley, CEO of Black Duck Software: “It was so cool to start something from scratch and see it grow. But it’s bittersweet as well. That’s when it’s time to go create something else.”
via Black Duck blog (Phil Odence): US export laws require companies to declare what encryption technology is used in any software to be exported. The use of open source makes complying with these regulations a tricky process.
Fred Bals | Senior Content Writer/Editor
Originally published at blog.blackducksoftware.com.