Mega-Hacking: Billions of Internet Devices at Risk

IoT devices are increasingly present in our homes. Unfortunately, many of them do not receive security updates despite being connected to the Internet, so as soon as a flaw is discovered in them, they remain vulnerable forever. Now the United States Department of Homeland Security and CISA ICS-CERT have issued a warning after the discovery of nearly twenty vulnerabilities that affect 500 manufacturers worldwide.

Called Ripple20, the 19 zero-day vulnerabilities affect Treck's low-level TCP/IP software library. An attacker who exploits them can gain full control of a device without any user interaction.

Ripple20: 19 Vulnerabilities, Two of Them With a Severity Score of 10

The Israeli company that discovered the vulnerabilities, JSOF, claims that the affected devices are found everywhere, including homes, industries, hospitals, data centers, transportation, nuclear power plants, oil, etc. With these flaws, it is possible to steal data from a printer, cause a machine to fail, change the flow of a pipe so that it explodes, etc.

Thus, an attacker can enter without leaving any trace. In total, there are four critical vulnerabilities with CVSS scores of more than 9 (two of them, CVE-2020-11896 and CVE-2020-11897, with a 10), which allow an attacker to execute arbitrary code on devices remotely. CVE-2020-11896 consists of sending modified packets through IPv6, while CVE-2020-11897 does it through IPv6. The other 15 vulnerabilities have CVSS scores ranging from 3.1 to 8.2 and allow anything from denial-of-service attacks to remote code execution. A demonstration video shows one of the vulnerabilities being used to shut down a UPS remotely.

Some vulnerabilities have already been patched by Treck and other vendors over the years through code and configuration changes. However, this also causes more problems, as there are variants of the vulnerabilities that have not yet been identified and will not be identified any time soon. The patches released so far are available in Treck 6.0.1.67 or higher.

Millions of Devices Will Be Left Without a Patch

The researchers have contacted the affected manufacturers, which include companies such as HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar and Baxter. Most have acknowledged the vulnerabilities, and the rest are still analyzing them before communicating them to the public. Disclosure of these vulnerabilities was delayed twice because of Covid-19, extending the grace period from 90 to 120 days. However, some companies seemed more concerned with protecting their image than with patching vulnerabilities.

Since many devices will not receive patches, the researchers recommend minimizing the Internet exposure of these devices, or ensuring that they have no Internet connection at all. Another option is to isolate them from the main company or home network, for example by placing them on a guest WiFi network. They also recommend using a VPN.
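As an added example (not from the original article, JSOF or Treck), the following Python script triages a device inventory using the fixed release named above, Treck 6.0.1.67, and the researchers' network mitigations. The inventory schema, device names and action labels are assumptions made for illustration, and the sample records are constructed.

```python
FIXED_TRECK = (6, 0, 1, 67)  # first fixed release named in the article

def parse_version(text):
    """Turn '6.0.1.67' into (6, 0, 1, 67); None if unknown or malformed."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except (AttributeError, ValueError):
        return None

def is_patched(version_text):
    """Compare numerically: as strings, '6.0.1.9' would sort above '6.0.1.67'."""
    version = parse_version(version_text)
    # An unknown stack version is treated as vulnerable, not as safe.
    return version is not None and version >= FIXED_TRECK

def triage(device):
    """Return the next action for one record (hypothetical schema and labels)."""
    if is_patched(device.get("treck_version")):
        return "ok"
    if device.get("patch_available"):
        return "patch"
    # No vendor fix: fall back to the mitigations the researchers recommend.
    if device.get("internet_facing", True):
        return "remove-internet-exposure"
    if device.get("segment") != "isolated":
        return "isolate"
    return "monitor"

# Constructed sample inventory, for illustration only.
INVENTORY = [
    {"name": "printer-01", "treck_version": "6.0.1.66",
     "patch_available": True, "internet_facing": False, "segment": "office"},
    {"name": "ups-02", "treck_version": None,
     "patch_available": False, "internet_facing": True, "segment": "office"},
    {"name": "pump-03", "treck_version": "6.0.1.9",
     "patch_available": False, "internet_facing": False, "segment": "office"},
    {"name": "plc-04", "treck_version": "6.0.1.100",
     "patch_available": False, "internet_facing": True, "segment": "plant"},
    {"name": "monitor-05", "treck_version": "5.0.1.35",
     "patch_available": False, "internet_facing": False, "segment": "isolated"},
]

def report(inventory):
    """Map each device name to its triage action."""
    return {device["name"]: triage(device) for device in inventory}

if __name__ == "__main__":
    for name, action in report(INVENTORY).items():
        print(f"{name:12} {action}")
```

Devices whose vendor never ships a fixed firmware stay in the `isolate` or `monitor` states permanently, which matches the article's point that many of them will never be patched.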

Akansha Reddy