Powering over 100m IoT devices globally across 10,000 enterprises, EMQ vulnerability has real-world implications for car, fire detection, and patient data sensors
Startup’s new breakthrough technology allowed non-security expert to identify vulnerability within minutes
Developer-focused code security specialist Guardara today announces it has uncovered a Zero Day Vulnerability in open source software from EMQ, the world’s leading provider of open source software for IoT devices.
The vulnerability, which was uncovered by a non-security expert using Guardara’s powerful testing tool, could have significant implications for connected IoT devices depending on NanoMQ1.
EMQ’s products power over 100 million connected IoT devices globally across over 10,000 enterprises2. Guardara used its technology to detect multiple issues – within minutes – that caused EMQ’s NanoMQ product to crash during testing. The existence of these vulnerabilities means that any NanoMQ reliant system could be brought down completely.
This could potentially put millions of lives and significant property at risk. The technology within NanoMQ is used for collecting real time data from common devices including smartwatches, car sensors and fire detection sensors. Message brokers are used to monitor health parameters via sensors for patients leaving hospital, or motion detection sensors to prevent theft.
Reliability and availability have never been more critical
A vulnerability of this nature is difficult and time consuming for a non-security engineer to uncover, as advanced fuzz testing is an offensive security technique reserved for the most experienced security researchers and experts (and unfortunately, malicious actors). Guardara’s product allows engineering teams to integrate and automate this sophisticated testing into their toolkits without specialist technical knowledge.
Mitali Rakhit, CEO, Guardara:
“Guardara’s discovery of this Zero Day vulnerability within minutes shows that security issues are still present and can be widely found across different open source projects with the right capability.”
“Even though some issues may not be exploitable for remote code execution, as we rely more and more on software in our daily lives, even a single crash could be fatal depending on the circumstance. Reliability and availability are critical due to a shift in the world being consumed by software.”
Upon discovery of the vulnerability Guardara notified EMQ immediately via its disclosure process. The company reacted quickly, actively looking to improve the security posture of NanoMQ which resulted in the resolution of the issue within 1 day.
Democratizing security and improving access
According to Cybersecurity Ventures, there will be 3.5 million unfilled cybersecurity jobs globally by 2021, up from 1 million positions in 20143. It is unrealistic to expect that security professionals alone will be able to bear the burden of securing software with hundreds of millions, if not billions of devices. In 2018 co-founders Mitali Rakhit and Zsolt Imre established Guardara to use their breakthrough technology to make complex security techniques accessible to non-security experts.
“Our technology is game-changing for the industry because of its ability to bring security expertise into the hands of people who didn’t traditionally have access to formal training in security engineering or research. By democratizing access to sophisticated testing techniques, we are leveling the playing field against the adversary, and empowering the technology community to build security into their products from Day 0.” – Mitali Rakhit, CEO, Guardara.
2https://www.emqx.com/en/about
3https://cybersecurityventures.com/jobs/