1 min read

NAME:WRECK TCP/IP Stack Vulnerabilities Could Impact 100 Million IoT Devices

Silviu STAHIE

April 19, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
NAME:WRECK TCP/IP Stack Vulnerabilities Could Impact 100 Million IoT Devices

Security researchers have revealed nine vulnerabilities in four different TCP/IP stacks, which could expose more than 100 million IoT devices to attacks.

The TCP/IP stacks are fertile terrain for vulnerabilities. Researchers often find problems with these stacks, and the fact that they are so widely used only means that the potential impact is often difficult to gauge. Since the definition of IoT devices implies that they are always connected to the Internet, any vulnerability in the stack governing that interaction will likely cause a problem.

This new stack of vulnerabilities identified by Forescout and JSOF Research are severe enough to warrant a name, NAME:WRECK. They affect four popular stacks from FreeBSD, Nucleus NET, IPnet and NetX.

For example, Nucleus NET is part of Nucleus RTOS, an operating system used in hospitals, critical systems in the aviation industry, and numerous automation devices. NetX fills similar market niches, and FreeBSD is present in servers, open-source projects, and much more. All of these total billions of deployed devices. While not all of them are affected, a conservative estimate is that at least one percent is affected, which means around 10 million devices.

“These vulnerabilities relate to Domain Name System (DNS) implementations, causing either Denial of Service (DoS) or Remote Code Execution (RCE), allowing attackers to take target devices offline or to take control over them,” say the researchers. “The widespread use of these stacks and often external exposure of vulnerable DNS clients lead to a dramatically increased attack surface.”

The disclosure for these vulnerabilities was made after the developer issued patches for the affected systems, but with such a large volume of devices, it will take a long time for the patches to disseminate into the wild. And that’s not even counting the devices that can’t be patched because it depends on other hardware.

The security researchers issued a few possible mitigations, but the best solution would be to patch the systems as soon as possible.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

FBI Warns of Phishing Attack Targeting People Looking for Unemployment Benefits FBI Warns of Phishing Attack Targeting People Looking for Unemployment Benefits
Silviu STAHIE

October 20, 2021

1 min read
Hacker Says He Stole ID Data of 45 Million Argentinians Hacker Says He Stole ID Data of 45 Million Argentinians
Silviu STAHIE

October 20, 2021

1 min read
Meet Scam Alert, the New Bitdefender Mobile Security & Antivirus Technology Battling Malicious Links Meet Scam Alert, the New Bitdefender Mobile Security & Antivirus Technology Battling Malicious Links
Silviu STAHIE

October 20, 2021

2 min read