Researchers discovered 33 essential vulnerability bugs impacting millions of IoT computers.

Spread the love


The issues may never be fixed for all devices

Why it matters: Gartner estimates that over 80 percent of all organizations currently use the Internet of Things to solve business use cases, and one in five has suffered a serious attack in the past three years. Most of these companies use equipment that is affected by at least 33 newly-discovered vulnerabilities, most of which will likely never be fixed due to various reasons.

Earlier this year, security researchers found that millions of IoT and surveillance devices powered by HiSilicon chips have a trivial backdoor that is unlikely to get a fix anytime soon as parent company Huawei has little control over third-party firmware implementations.

Today, a new report from Forescout Research Labs revealed that a new series of vulnerabilities will impact devices from over 150 vendors. Collectively dubbed “Amnesia:33”, the flaws affect four open-source TCP/IP stacks, specifically: uIP, picoTCP, FNET, and Nut/Net. By far the most vulnerable is uIP, which happens to be used by most vendors on the list.

RECOMMENDED READ:  What is Healthcare IT or health information technology?

The number of potentially impacted devices is huge, as it includes wearables, smartphones, game consoles, printers, routers, switches, IP cameras, uninterruptible power supplies, HVAC systems, self-checkout kiosks, ATMs, barcode readers, single-board computers like the Raspberry Pi, smart home appliances and sensors, servers, and many other consumer, enterprise, and industrial devices.

If exploited, the 33 vulnerabilities allow attackers to perform a wide range of malicious attacks such as denial of service (DoS), remote code execution (RCE), DNS cache poisoning to redirect to a malicious domain, and information leak to acquire sensitive information.

Forescout researchers had previously uncovered 20 vulnerabilities in the Treck TCP/IP stack dubbed Ripple20, which were eventually fixed by the Cincinnati-based software company. However, the Amnesia:33 vulnerabilities affect open source libraries used in a myriad of devices from a variety of different companies, which makes them much more difficult to fix. Five of the flaws have been around for 20 years, and many of the affected devices use chips from a rich ecosystem of third party silicon vendors, many of which offer little documentation and some of which are no longer in business.

RECOMMENDED READ:  Windows 10 Users Can Now Browse Contacts on Android Devices

Forescout has been working with Germany cyberdefense agency BSI, the CERT Coordination Center, ICS-CERT, JPCERT, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to coordinate the issuing of alerts about Amnesia:33.

In the meantime, the researcher lab explains that organizations can mitigate risks by patching where possible, monitoring for malformed packets, relying on internal DNS servers, blocking or disabling IPv6 traffic, and segmenting and zoning to minimize the impact in case a device has been compromised to get deeper access.

Apple teams up with Common Sense Media to compile podcasts for children

Good news for parents who want sound audio material for their children. Podcasts have hit a new height over the Read more

Dell’s redesigned G15 gaming laptop packs with RTX 3000 graphics and a speckled paint job.

It will initially be sold in China, but Dell did not announce any pricing for any of the three models. Read more

NFTs,  new crypto craze explained

NFTs are authenticating the originality of digital products If you've been watching tech or financial news late, you may have Read more

Leave a Reply

Your email address will not be published. Required fields are marked *