Page Loader Logo
Loading...
833-847-3280
Schedule a Call
Partner With Us

Many Internet of Things Devices Have Significant Vulnerability

Internet of Things

Last week, JSOF published 19 vulnerabilities found in Internet of Things devices. Ripple20 is the name for the collection of vulnerabilities.

JSOF is a team of experienced cyber security professionals, with a wide and deep understanding of software, technology, and security.  They have deemed this situation as high risk because it affects hundreds of millions of devices.  The vulnerabilities include multiple remote code executions.  Some examples of such code execution are industrial control devices.  Malfunctions can occur at any time or date. For example, an intravenous infusion pump used in the healthcare world could have its behavior changed by this vulnerability.  Imagine a drip rate changing or adding more medication than it is intended to for a patient.  Even worse is that a malicious actor could hide vulnerable codes in the back end of these devices for years as they operate under normal conditions.  Then one day a malicious hack is sent out for execution and this will make the devices a zero-day hack or act like sleeper agents.

Where do these vulnerabilities stem from?

The discovered vulnerabilities stem from Treck’s TCP/IP library.  This is used to allow computers to communicate over long distances.  Essentially, information is broken down into small packets and “sent individually over many different routes at the same time.”  The “IP” in TCP/IP ensures that the packets are sent to the correct destination. Once those packets reach their destination, they are then reassembled.  TCP is the portion that collects and reassembles the data to its correct form to fulfill an execution.

Many Internet of Things devices use TCP/IP, and has been in use since the 1970’s.  Additionally, more than 50 major vendors may be affected. This means the vulnerabilities have been spread far and wide over a few decades.

Why is this such a big deal?

Per JSOF, “in all scenarios, an attacker can gain complete control over the targeted device remotely, with no user interaction required.”  While many of the vulnerabilities were discovered in the past and there have been patch updates established, a lot of these devices continue to operate on outdated versions of TCP/IP.

Some vulnerabilities are rated as critical; meaning there could be severe ramifications if updates aren’t implemented prior to the exploit is pushed out. One such example is in the DNS protocol, which could potentially be exploited over the internet, from outside of the network.  This could even occur on devices that aren’t connected to the internet.

Ok, how do we fix it?

The first step a corporation should take is to perform a risk assessment.  This assessment will assist in the discovery of the potentially impacted devices.  After the discovery, an update of the devices will be required.  If that isn’t feasible, then a workaround will need to be in place to ensure the devices and people are safe from being comprised in the future.  Treck states they have updated the latest version of TCP/IPv4/v6.  Therefore, updates or mitigations are readily available.  The biggest concern for corporations should not be “Do we have infected devices?”, but moreover “We discovered the known devices and have an action plan on implementing a fix”.

Latest Posts

A transparent image used for creating empty spaces in columns
Welcome to today’s briefing on a crucial topic in the realm of cybersecurity: internal network penetration testing. Now, I know that the term might sound a bit intimidating but fear not. By the end of this discussion, you’ll have a solid understanding of what it…
A transparent image used for creating empty spaces in columns
 In the world of cybersecurity, there’s a misconception that a clean pen testing report means something was missed or the test wasn’t thorough enough. But here’s the truth: receiving a clean report from your penetration test is not only a positive outcome—it’s a testament…
A transparent image used for creating empty spaces in columns
Hey there, folks! Let’s get one thing straight: when MainNerve talks about penetration testing, we’re diving deep into the world of cybersecurity. But hey, we know what people think when we say “penetration testing.” So, buckle up because we’re about to compare pen testing to…
A transparent image used for creating empty spaces in columns
 In the fast-paced world of managed IT services, we know that time is money. Your clients rely on you to keep their systems secure, and you need partners who can deliver top-notch services without slowing you down. If you’re a Managed Service Provider (MSP)…
A transparent image used for creating empty spaces in columns
The primary purpose of performing a penetration test is to simulate real-world attacks on a computer system, network, or application. This is done by skilled cybersecurity professionals, who are tasked with identifying vulnerabilities and weaknesses that malicious actors could exploit. Their role is crucial in…
A transparent image used for creating empty spaces in columns
 If your business relies on older technology, you’ll want to listen up. We’re highlighting a critical weakness in many organizations’ defenses: legacy systems. What Are Legacy Systems? Legacy systems are outdated technologies that are no longer supported with updates or patches from their creators.…
contact

Our Team

Name(Required)
This field is for validation purposes and should be left unchanged.
quick links to

Our Services

On Load
Where? .serviceMM
What? Mega Menu: Services
201 E Pikes Peak Ave Suite 2025
Colorado Springs, CO 80903