There are hundreds of millions of flawed devices

Let's take a little time to talk about the vast numbers of smart devices in use around the world. You probably have several in your home or office. Smart devices need operating systems, just like your phone and your PC. Of course, mobile device operating systems must be much smaller and more compact. After all, they don't really need to do a lot of computing, and they don't need a GUI, so the code tends to be on the lean side.

The odds are excellent that you've never even heard of most of the IoT's operating systems, nor the companies that make them. Take VxWorks by a company called Wind River, for example.  It's the most popular Real-Time Operating System (RTOS), used in a wide range of smart devices today.  They don't get a lot of attention or oversight because almost nobody has heard of them.

That's beginning to change, however.  Recently, security researchers disclosed the details of the "Urgent 11", which are 11 vulnerabilities found in VxWorks that can be used by hackers to take control of a variety of devices. These devices range from medical systems to printers, industrial equipment, routers, and more.

Internet-of-Things now generates bad news

The company has been in existence for 32 years. Yet, in that time, only 13 security flaws with a MITRE-assigned CVE have been found in the VxWorks RTOS, because again, nobody's paying attention.

The good news is that when someone finally started paying attention, Wind River responded quickly and resolved all eleven of the security flaws, issuing a patch to correct them.  There's just one rather significant catch, however.

The company is claiming that the vulnerabilities are not unique to Wind River software and that the IPnet stack (where the vulnerabilities were found) was acquired by the company back in 2006.  Prior to Wind River's acquisition of it, it was deployed in a wide range of other RTOS'.

Our perspective

All that to say, while Wind River is acting responsibly, there is an unknown number of other RTOS' out there that are vulnerable. The companies behind them may be doing little or nothing about it.  In many ways, the OS ecosystem of the IoT is still very much a black box, and that's troublesome.

As Sgt. Phil Esterhaus always advised: "Hey, let's be careful out there!"

Meanwhile, check out this report

This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.

Contact me if you would like me to speak at your association.