Guardara, announced it has uncovered a Zero Day Vulnerability in open source software from EMQ, a provider of open source software for IoT devices. The vulnerability, which was uncovered by a non-security expert using Guardara’s powerful testing tool, could have significant implications for connected IoT devices depending on NanoMQ.
EMQ’s products power over 100mn connected IoT devices globally across over 10,000 enterprises. Guardara used its technology to detect multiple issues – within minutes – that caused EMQ’s NanoMQ product to crash during testing. The existence of these vulnerabilities means that any NanoMQ reliant system could be brought down completely.
This could potentially put millions of lives and significant property at risk. The technology within NanoMQ is used for collecting real time data from common devices including smartwatches, car sensors and fire detection sensors.
Message brokers are used to monitor health parameters via sensors for patients leaving hospital, or motion detection sensors to prevent theft.
Reliability and availability have never been more critical
A vulnerability of this nature is difficult and time consuming for a non-security engineer to uncover, as advanced fuzz testing is an offensive security technique reserved for the most experienced security researchers and experts (and unfortunately, malicious actors).
Guardara’s product allows engineering teams to integrate and automate this sophisticated testing into their toolkits without specialist technical knowledge.
“Guardara’s discovery of this Zero Day vulnerability within minutes shows that security issues are still present and can be widely found across different open source projects with the right capability. Even though some issues may not be exploitable for remote code execution, as we rely more and more on software in our daily lives, even a single crash could be fatal depending on the circumstance. Reliability and availability are critical due to a shift in the world being consumed by software.” said Mitali Rakhit, CEO, Guardara
Upon discovery of the vulnerability Guardara notified EMQ immediately via its disclosure process. The company reacted quickly, actively looking to improve the security posture of NanoMQ which resulted in the resolution of the issue within 1 day.
Democratising security and improving access
According to Cybersecurity Ventures, there will be 3.5mn unfilled cybersecurity jobs globally by 2021, up from 1mn positions in 2014. It is unrealistic to expect that security professionals alone will be able to bear the burden of securing software with hundreds of millions, if not billions of devices.
In 2018, Co-founders Mitali Rakhit and Zsolt Imre established Guardara to use their breakthrough technology to make complex security techniques accessible to non-security experts.
“Our technology is game-changing for the industry because of its ability to bring security expertise into the hands of people who didn’t traditionally have access to formal training in security engineering or research. By democratizing access to sophisticated testing techniques, we are leveling the playing field against the adversary, and empowering the technology community to build security into their products from Day Zero.” said Mitali Rakhit, CEO, Guardara.