A Timesys Deep Dive Embedded Systems Newsletter

December 2021

Cybersecurity in the News: Millions of devices at risk with 14 vulnerabilities found in BusyBox

These Denial of Service vulnerabilities may be present in 40% of embedded firmware images

By now, you’ve likely heard about the fourteen vulnerabilities found in the BusyBox userspace tool earlier this month, affecting millions of embedded devices running Linux-based firmware.

Firmware developers are advised to upgrade to the new version (BusyBox 1.34.0) where the vulnerabilities were fixed.

But it shouldn’t stop with this one upgrade. This CSO article gives a detailed look at the vulnerabilities found, and highlights the need for monitoring and remediation of security vulnerabilities as well as regular updates: “Enterprises should have patching policies in place that take into account their IoT and OT devices and should generally choose devices from vendors that commit to releasing regular and timely security updates for their products.”

While this is good advice, it requires a tremendous amount of work to search through hundreds of vulnerabilities reported weekly, decide which need to be addressed, and find and apply the patches.


Our vulnerability monitoring and remediation tool, Vigiles, utilizes a curated database to give you an early notification of CVEs like those found in the BusyBox userspace tool. And early notification gives you a jump start to take action on the most pressing security threats without having to comb through hundreds and hundreds of CVEs.

Ready to take control of your CVE monitoring and remediation? Try out Vigiles Prime free for 30 days.

What’s New at Timesys

Timesys has a Brand New Look

Get early access to the results from our industry-wide survey

Same great solutions. New and improved website experience.

Check out the shiny new timesys.com.

Events

Yocto Project Summit

The Yocto Project Virtual Summit is a virtual technical conference for engineers, open source technologists, students and academia in the OSS space. Attendees can learn about Yocto Project’s new releases, tools, and features; get training on the next wave of embedded Linux technologies; and network with their peers and industry experts.

Kevin Chau
Senior Embedded Linux Engineer, Timesys

Using Yocto to Secure Your Device: From Development to Production

December 2, 2021 • 11:00 AM EDT / 8:10 AM PDT

With the recent increase in security scrutiny, how do we leverage Yocto’s extensibility and flexibility to streamline development and keep our products secure? This Yocto Project Virtual Summit talk will focus on key security ideas and their implementation in Yocto for different stages of development.

Timesys-NXP Webinar

Vigiles Demo Webcast with NXP: Supercharge your vulnerability management

December 9, 2021 • 11:00 AM EDT / 8:00 AM PDT

Join NXP and Timesys for a demo webcast that explores industry best practices to create a process for maintaining effective embedded system security using the Vigiles vulnerability monitoring and management tool. We’ll discuss:

  • How to choose the right tool for embedded system security maintenance and achieving industry compliance
  • Demo of the Vigiles tool and latest features with a look at how it plugs into the software development workflow (Jira integration, license and policy alerts, manifest comparison, new APIs and more)
  • Using the Vigiles tool plus OS maintenance service for long term fixed branch support for vulnerabilities

IoT Device Manufacturer Security Survey

We Want Your Feedback

We are conducting an industry-wide, global survey to better understand where IoT device manufacturers are on their cybersecurity journey. The survey takes less than 5 minutes to complete, and individual answers will remain completely anonymous and strictly confidential. It is open to all individuals, regardless of location.

All participants will get early access to the results, and 5 participants will randomly be selected to receive a USD$50 Visa gift card. Survey closes February 1, 2022. Email leah.simoncelli@timesys.com with any questions.

Want to take it a step further and share it with your network? Share this tweet or this LinkedIn post. In addition to the perks above, you’ll get our undying gratitude.
