Ars Technica: Exton firm's buggy piece of code could put telecom nets at risk
Tom Paine
Follow @phillytechnews
Subscribe in a readerCode developed by an Exton firm and widely distributed throughout the mobile telecom infrastructure is deemed at risk for major intrusion, security experts say.
A bug resides in a code library developed by Objective Systems of Exton, which is present in a "wide range of telecommunication products, including radios in cell towers, routers, and switches, as well as the baseband chips in individual phones," according to an Ars Technica article. Although it would take considerable skill, the bug could be exploited to take control of entire networks.
The code library is used to implement a telephony standard known as ASN.1, or Abstract Syntax Notation One. Objective Systems has released a patch, but it would be difficult to get the patch to all the nodes and devices in which it resides. That's a problem which will only multiply with the growth of the Internet of Things.
The Ars Technica article quotes HD Moore, principal at a firm called Special Circumstances, describing the flaw as a "big deal" because of the breadth of gear that are at risk of complete takeover.
Founded in 1997, Objective Systems appears to be a small, though influential, firm. LinkedIn only shows 10 employee for it, although that's not always a completely accurate indicator. Its a bit hard to find out who's behind the company, but its CEO is Ed Day, an engineering grad from Penn State who gained his early experience with MCI.
