17th June 2020
JSOF, a cyber security consultancy in Israel, has announced the discovery
of a series of serious zero-day exploits impacting potentially
hundreds of millions of IoT (Internet of Things) devices.
Quote:
Originally Posted by JSOF
The JSOF research lab has discovered a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. The 19 vulnerabilities, given the name Ripple20, affect hundreds of millions of devices (or more) and include multiple remote code execution vulnerabilities. The risks inherent in this situation are high. Just a few examples: data could be stolen off of a printer, an infusion pump behavior changed, or industrial control devices could be made to malfunction. An attacker could hide malicious code within embedded devices for years. One of the vulnerabilities could enable entry from outside into the network boundaries; and this is only a small taste of the potential risks.
The interesting thing about Ripple20 is the incredible extent of its impact, magnified by the supply chain factor. The wide-spread dissemination of the software library (and its internal vulnerabilities) was a natural consequence of the supply chain “ripple-effect”. A single vulnerable component, though it may be relatively small in and of itself, can ripple outward to impact a wide range of industries, applications, companies, and people.
For example, the Treck TCP/IP stack is used in certain HP and Samsung
branded printers :-
https://support.hp.com/in-en/document/c06640149
and in some Cisco routers and gateways :-
https://tools.cisco.com/security/cen...stack-JyBQ5GyC
JSOF announcement here :-
https://www.jsof-tech.com/ripple20/
Advice is given under the section Risk Evaluation and Mitigations.
Certainly perform an assessment on any device that is Internet-facing.
Treck vulnerability announcements :-
https://treck.com/vulnerability-response-information/