Vulnerabilities In TCP/IP Stack Put Millions Of IoT Devices At Risk

Researchers at Forescout have reported vulnerabilities that could allow attackers to remotely execute code, take control of IoT devices, perform DoS attacks, use the devices as a gateway to the rest of the network, and knock IoT devices offline.

Security researchers warn these vulnerabilities are present in millions of Internet of Things devices.

The nine vulnerabilities, dubbed Name:Wreck, affect four TCP/IP stacks, communications protocols commonly used in IoT devices, and relate to the Domain Name System (DNS).

Over 100 million consumer, enterprise, and industrial IoT devices use the vulnerable stacks.

The vulnerabilities have been dubbed Name:Wreck by researchers at Forescout and JSOF due to the way the parsing of domain names can break DNS implementations in a TCP/IP stack.

Forescout’s report is part of Project Memoria, which examines vulnerabilities in TCP/IP stacks, including popular ones such as Nucleus NET, FreeBSD, and NetX.

“This can be an entry point, a foothold into a network and from there you can decide, basically, what the attack is,” Daniel dos Santos, a research manager at Forescout, told ZDNet.

“One of the things that you can do is just basically take devices offline by sending malicious packets that crash the device. Another thing is when you’re able to actually execute code on the device, that opens up the possibility of persistence on the network or moving laterally in the network to other kinds of targets,” he explained.

Although security patches that fix the vulnerabilities have been released, applying security updates to IoT devices is often technically difficult. Many users would not be willing to apply them and would remain vulnerable, researchers explain.

Healthcare organizations are among the most affected by the security flaws, which can compromise healthcare data and devices and impede patient care.

Researchers advise organizations to apply the necessary security patches as soon as possible.

“Complete protection against Name:Wreck requires patching devices running the vulnerable versions of the IP stacks and so we encourage all organisations to make sure they have the most up-to-date patches for any devices running across these affected IP Stacks,” said dos Santos.

Because in some cases it may not be possible to apply patches to IoT devices, Forescout recommends taking additional steps:

“Besides patching, which of course is the thing that everybody should try to do, there are other things that can be done, like segmentation and monitoring network traffic,” said dos Santos.

About the author

CIM Team
