Millions of IoT devices worldwide could be vulnerable to remote attacks due to serious security flaws affecting the Treck TCP/IP stack, Israel-based cybersecurity company JSOF warned on Tuesday.
Treck TCP/IP is a high-performance TCP/IP protocol suite designed specifically for embedded systems. JSOF researchers have discovered that the product is affected by a total of 19 vulnerabilities, which they collectively track as Ripple20.
The vulnerabilities rated critical and high-severity can be exploited for remote code execution, denial-of-service (DoS) attacks, and for obtaining potentially sensitive information. Exploitation involves sending specially crafted IP packets or DNS requests to the targets, and in some cases it may be possible to launch attacks directly from the internet.
“Ripple20 vulnerabilities are unique both in their widespread effect and impact due to supply chain effect and being vulnerabilities allowing attackers to bypass NAT and firewalls and take control of devices undetected, with no user interaction required,” JSOF said in a report describing Ripple20. “This is due to the vulnerabilities’ being in a low level TCP/IP stack, and the fact that for many of the vulnerabilities, the packets sent are very similar to valid packets, or, in some cases are completely valid packets. This enables the attack pass as legitimate traffic.”
The vulnerable library has been used in devices made by more than 100 organizations, including industrial, medical, smart home, networking, enterprise, retail, energy and transportation systems.
According to JSOF, depending on what the targeted system is used for, exploitation of the vulnerabilities can allow an attacker to maintain access to a network, cause financial damage, cause disruption, or take control of devices (in the case of medical devices this can threaten an individual’s life or heal ..
Support the originator by clicking the read the rest link below.
