Millions of IoT devices at hacking risk globally: Report - San Francisco News
by Maria Thomas
Updated Jun 17, 2020
The list of affected vendors includes HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar and Baxter.
According to JSOF, a boutique cybersecurity organization, the vulnerabilities dubbed ‘Ripple20' relate to the Treck TCP/IP stack, a TCP/IP protocol suite designed for embedded systems.
The vulnerability affects hundreds of millions of IoT devices that could potentially allow nefarious actors, including nation-states, to remote take-over of these devices, the organization said in a statement late Tuesday.
JSOF said it discovered the Treck vulnerability while doing a security analysis of a single device last fall and found that its TCP-IP stack contained hackable vulnerabilities.
The firm soon realised that the code wasn't written by the device's manufacturer, but rather came from Treck; that meant the bugs weren't in a single device but everywhere underscoring how widely IoT flaws can propagate
The risks inherent in this situation are high.
"Data could be stolen off of a printer, an infusion pump behaviour changed or industrial control devices could be made to malfunction.
"An attacker could hide malicious code within embedded devices for years. One of the vulnerabilities could enable entry from outside into the network boundaries; and this is only a small taste of the potential risks," the researchers explained.
JSOF said it has contacted every vendor of affected devices, and many of the companies have released software updates.
The organisation has been working with several organizations to coordinate the disclosure of the flaws.
Related Articles
- Optical Illusion Brain Test: If you have Sharp Eyes Find the Number 442 in 20 Secs
- London-based firm Nothing to release its Phone (2)
- Covid will continue to cause mini-waves, not become seasonal yet: Scientists
- Hackers offering crypto accounts for as low as $30 on darknet
- Reddit's new feature to allow users to share its content on other platforms
- Surgical masks can help kids fight respiratory infections: Study
- LinkedIn's new AI feature to write messages to hiring team
- Microsoft introduces Xbox Game Pass' new Friend Referral programme
- Disbursed over Rs 31 cr in claims to delivery partners in FY22-23: Swiggy
- India emerging as favourable destination for clinical trials: Report