Since most IP connected security devices are based on a Linux kernel, I was wondering how much of a threat this will be to our industry?
Any Dirty COW Info Out There?
Good question. With the way things are going I am wondering how long until my Nest thermostat is part of some botnet.
Doesn't Dirty Cow only allow escalation of privileges? Do you need an account with basic privileges to access the device in the first place? For as long as Windows has been the weak link at least we have the means to update and reasonably secure it.
From reviewing some of the descriptions of dirty cow this seems like zero to low threat. The basic idea is that a standard user with access to a linux shell on a host could use this method to escalate their privileges to root-level.
The reason this is not likely to impact security devices is because devices that are insecure enough to give you a console already do the legwork for you, and in most cases you are logged in to a root-level account. There is no need to try and exploit the system you're logged in to when it gives you all the access you want by default.
Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.