Hardware Vulnerabilities 2.3


4 Terms

1

Hardware Vulnerabilities

In both home and office networks, many devices are connected, but these devices often don't give us direct access to the operating systems running inside them.

  • Since these devices are connected to the network, they represent a potential security risk—acting as perfect entry points for attacks.

  • Examples include devices that control air conditioning systems, time clocks, or even smart light bulbs, garage doors, refrigerators, and door locks.

Before IoT, security was mainly focused on operating systems we controlled, like those on Windows laptops or smartphones. However, with IoT, we now face security risks with each connected device, many of which may not have robust security features.

2

Firmware

The operating system running inside hardware devices that controls the device’s functions.

  • Typically, only the manufacturer of the device can update or manage the firmware.

  • However, this depends on whether the manufacturer is aware of security issues and motivated to fix them.

  • Unfortunately, many hardware manufacturers do not prioritize IT security in the same way that developers of traditional operating systems (like Windows, macOS, or Linux) do.

  • For instance, Trane Comfortlink II Thermostats, which allow users to control home temperature from their phones, were found to have vulnerabilities in April 2014. Trane did not release a patch until April 2015, and another patch came in January 2016.

3

End-of-Life (EOL) & EOSL (End-of-Service-Life)

End-of-Life (EOL): Refers to the manufacturer's notice that they will stop selling a particular product in the future.

  • Although the product is no longer actively being sold, you may still receive security patches and updates for a limited time.

  • This is usually a warning that it may soon be time to replace the device.

End-of-Service-Life (EOSL): Occurs when the manufacturer stops supporting the device entirely. At this point, no more updates, including security patches, will be provided.

  • Some manufacturers may offer premium-cost support for a limited time.

  • It is advisable to replace the device as soon as possible to ensure you have the latest security patches and keep your systems protected.

4

Legacy Platforms

Some devices can remain in use for extended periods, often past their End of Life (EOL) or End of Service Life (EOSL).

  • These might include older operating systems, applications, or middleware, which may no longer receive security updates or support.

The main challenge comes when these legacy systems play a critical role in your organization’s operations, making it difficult to simply replace or turn them off.

  • Mitigate the associated security risks:

      • Implementing IPS (Intrusion Prevention System) signatures tailored to older operating systems.

      • Stronger firewalls or network segmentation.

  • Creating a path for their eventual replacement and adding security measures can reduce the risks associated with keeping them on the network.