TCP/IP stack vulnerabilities threaten IoT devices

April 20, 2021
in Internet of Things

A set of vulnerabilities in TCP/IP stacks used by FreeBSD and three popular real-time operating systems designed for the IoT was revealed this week by security vendor Forescout and JSOF Research. The nine vulnerabilities could potentially affect 100 million devices in the wild.

Nucleus NET, IPNet and NetX are the other operating systems affected by the vulnerabilities, which a joint report issued by Forescout and JSOF dubbed Name:Wreck.

In a report on the vulnerabilities, Forescout writes that TCP/IP stacks are particularly vulnerable for several reasons, including widespread use, the fact that many such stacks were created a long time ago, and the fact that they make an attractive attack surface, thanks to unauthenticated functionality and protocols that cross network perimeters.

The Domain Name System suffers from much the same issues, which are exploitable in the case of the Name:Wreck vulnerabilities.

“DNS is a complex protocol that tends to yield vulnerable implementations, and these vulnerabilities can often be leveraged by external attackers to take control of millions of devices simultaneously,” the report said.

Name:Wreck can allow for both denial-of-service attacks and remote code execution, and is likely caused by poor coding practices in the code that parses DNS response contents, according to Eric Hanselman, a principal research analyst at 451 Research. Essentially, a key value in the system used to compress DNS responses into smaller and easier-to-move packages is not validated by the system, and can be manipulated by a bad actor.

“The difficulty with DNS attacks is that DNS responses can contain a significant amount of information,” Hanselman said. “There are so many format options that it’s not uncommon to return a significant volume of data in a DNS response, and if you’re not tracking DNS queries and you allow OpenDNS in your environment, it’s very difficult to track the response to ensure you’ve got stateful follow-up.”

The actual danger to which an organization is exposed differs based on which of the vulnerable stacks it’s using. The FreeBSD vulnerability is likely more widespread – it affects millions of IT networks, including Netflix and Yahoo, as well as traditional networking devices like firewalls and routers, according to the report, but is likely easier to fix.

“Those are manageable systems – we should be able to update them,” said Forrester senior analyst Brian Kime. “[And] they should be prioritized for remediation, because they’re part of your network stack.”

The same cannot be said, in many cases, of the real-time operating systems affected by Name:Wreck, since the standard issues that make securing IoT devices difficult remain in play here. The ability to patch and update firmware is still not a standard feature, and the OEMs of connected devices – which may be quite old, and may not have been designed to be Internet-facing in the first place – might not even be operating any more.

In cases where those IoT devices are vulnerable, strong security has to start at the network layer, according to Hanselman. Monitoring the network directly for anomalous activity – which, again, can sometimes be difficult to detect in the case of a TCP/IP vulnerability – is a good start, but what’s really needed are techniques like DNS query protection.

“Fortunately for most organizations, DNS monitoring has become much more prevalent, because DNS is one of the best ways to do detection for ransomware,” he said. “Most organizations should have reasonable DNS query protection in place.”

The active scope of these vulnerabilities is limited by several factors, including whether affected devices have direct access to the Internet – unlikely in the case of many of the medical devices described – and how patchable they are. What’s more, it’s worth noting that none are thought to have been exploited in the wild as of yet. However, one key target to watch could be printers.

Printers are highly accessible, given that they’re more or less ubiquitous and tend not to draw a lot of security attention, according to Kime, and, once compromised, they could offer a vector through which other vulnerable devices on a network could be accessed.

“Rarely are people going to assess them for vulnerabilities, so they get exploited by threat actors,” he said. “I could see bad actors using IoT vulnerabilities as persistence once they’ve exploited something else to get into the environment.”

Name:Wreck is far from the only set of TCP/IP vulnerabilities to rear its ugly head in recent memory, of course. Forescout and JSOF, between them, have discovered several families of this type of security flaw in the past, including Ripple20, Amnesia:33 and Number:Jack within the past calendar year alone, and experts agree that further vulnerabilities are likely to come to light for the foreseeable future. For one thing, there simply aren’t that many IP stacks in existence, meaning that many are used in a huge range of applications, and that they’re generally assumed to be secure.

“It’s something where everyone assumes they can pull the IP stack from whatever their favorite [open-source software] distribution happens to be, and these should be well-hardened,” said Hanselman. “For the most part, that’s true, but networking stacks are dealing with fairly complex state management, and there can be unexpected ways to manipulate those.”


Copyright © 2021 IDG Communications, Inc.

© 2023 iotphoenix.
