Security researchers today disclosed 19 bugs affecting hundreds of millions of Internet of Things (IoT) devices. The "Ripple20" vulnerabilities, four of which are critical, exist in a low-level TCP/IP software library used by many manufacturers to connect their devices to the Internet via TCP/IP connections.
Researchers with Israeli cybersecurity consultancy JSOF began researching this library, built by a software company called Treck, in September 2019. It piqued the team's interest because they predicted it would be used in several types of connected devices, explains CEO and researcher Shlomi Oberman. Investigation revealed several serious flaws in all types of connected devices.
"We found it's pretty much everywhere, in terms of the IoT space," Oberman says. "We threw a stone in the pond, and ripples keep expanding, and every day we're learning of new vendors." The flaws are not named for their count, he adds, but for their ripple effect across industries.
JSOF has been working with Treck, the Computer Emergency Response Team Coordination Center (CERT/CC), and the Cybersecurity and Infrastructure Agency (CISA) in the disclosure process. While it was difficult to engage Treck at the start, JSOF says, the company ultimately took over the process of notifying its clients and developed a patch for Ripple20 by the end of March.
Vulnerable products include industrial control devices, printers, medical devices, power grids, home products, and retail devices. Ripple20 exists in the transportation, aviation, oil and gas, and government and national security sectors. Vendors affected include one-person boutique shops to Fortune 500 corporations: HP, Schneider Electric, Intel, and Rockwell Automation. When JSOF reached out to the Department of Homeland Security (DHS), they received a list of 70 t ..
Support the originator by clicking the read the rest link below.
![[DiyOtaku] Gives Old Devices A New Life](upload/news/image_1714723213_17994018.png)
