News & Innovations

News and innovations published by German exhibitors


Severe SDK vulnerabilities at Broadcom due to copy-paste engineering

Hardware components from Broadcom can be found in numerous devices from leading vendors such as Cisco, DD-WRT or Linksys. ONEKEY recently reported that significant vulnerabilities lie deep in the software development kit (SDK). The ONEKEY Research Lab team exposed vulnerabilities that have been a common thread throughout products built on Broadcom for more than a decade, providing a welcome entryway for hackers.

In addition to the issue of the unmonitored supply chain (i.e., the use of hardware without prior risk verification), what stands out here is how serious the consequences of copy-paste engineering can be: although Broadcom published a patch as early as 2011, leading manufacturers repeatedly built these vulnerabilities into products because they rely on a faulty version of the SDK.

ONEKEY is the leading European platform for analyzing device firmware, and regularly uncovers vulnerabilities at component or device manufacturers.


Exhibitor: ONEKEY (formerly IoT Inspector)
