Information Security News |
Industrial control systems are sensitive systems that must make decisions in real time to ensure the operation of the industrial process they govern. The latency and reliability in packet transmission is fundamental, since the protocols are connection-oriented but because of the main speed goal, many of them do not have included error recovery schemes other than those included in the TCP / IP stack.
Where is it possible to use encryption without affecting the operation of the industrial control process? Here are some examples:
Manuel Humberto Santander Pel margin-right:0cm">SANS Internet Storm Center Handler
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.Enlarge / Samsung's Smart TV interface, which seems to be running on Tizen. (credit: Samsung)
Tizen, the open source operating system that Samsung uses on a range of Internet-of-Things devices and positions as a sometime competitor to Android, is chock full of egregious security flaws, according to Israeli researcher Amihai Neiderman.
Samsung has been developing the operating system for many years. The project started as an Intel and Nokia project, and Samsung merged its Bada operating system into the code in 2013. Like Android, it's built on a Linux kernel, with a large chunk of open source software running on top. App development on Tizen uses C++ and HTML5.
Presenting at Kaspersky Lab's Security Analyst Summit and speaking to Motherboard, Neiderman had little positive to say about the state of Tizen's code. "It may be the worst code I've ever seen," Neiderman said. "Everything you can do wrong there, they do it."
Read 5 remaining paragraphs | Comments