Ripple20 Vulnerabilities Affect Hundreds of Millions of IoT Devices

Zero-day vulnerabilities have been discovered that could impact millions of IoT devices found in data centers, power grids, and elsewhere.

The flaws, dubbed Ripple20, were detected by the JSOF research lab in a widely used low-level TCP/IP software library developed by Treck, Inc. In research published today, JSOF said Ripple20 includes multiple remote code execution vulnerabilities and affects "hundreds of millions of devices (or more)."

Researchers named the vulnerabilities Ripple20 to reflect the widespread impact they have had as a natural consequence of the supply chain "ripple-effect" that has seen the widespread dissemination of the software library and its internal flaws.

"A single vulnerable component, though it may be relatively small in and of itself, can ripple outward to impact a wide range of industries, applications, companies, and people," wrote researchers.

Ripple20 reached critical IoT devices involving a diverse group of vendors from a wide range of industries. Affected vendors range from one-person boutique shops to Fortune 500 multinational corporations, including HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar, and Baxter.

Researchers said many other major international vendors are suspected of being vulnerable in the medical, transportation, industrial control, enterprise, energy (oil/gas), telecom, retail and commerce, and other industries. 

"The risks inherent in this situation are high," wrote researchers. "Data could be stolen off of a printer, an infusion pump behavior changed, or industrial control devices could be made to malfunction." 

By exploiting the flaws, an attacker could hide malicious code within embedded devices for years. One potential risk scenario is that a threat actor could broadcast an attack capable of taking over all impacted devices in the network simultaneously. 

"This is a classic case of finding critical vulnerabilities in embedded IoT devices that were designed years ago and may now be impossible or impractical to patch," commented Phil Neray, VP of IoT & industrial cybersecurity at CyberX.

"The best strategy is to implement compensating controls such as network segmentation to make it harder for adversaries to connect to these devices, plus Network Traffic Analysis (NTA) with Security Orchestration, Automation, and Response (SOAR) to quickly spot anomalous behavior—and stop it—before they cause a safety incident, shut down production, or steal intellectual property."

What’s Hot on Infosecurity Magazine?