Millions of Internet of Things (IoT) devices are affected by security vulnerabilities that could let attackers take the devices offline or take control of them remotely, and that could be exploited to gain wider access to affected networks.
The nine vulnerabilities affecting four TCP/IP stacks – communications protocols commonly used in IoT devices – relate to Domain Name System (DNS) implementations, which can lead to Denial of Service (DoS) or Remote Code Execution (RCE) by attackers.
More than 100 million consumer, enterprise and industrial IoT devices are affected.
The vulnerabilities, dubbed Name:Wreck, were discovered and reported by security researchers at Forescout and JSOF. The name refers to the way the parsing of domain names can break DNS implementations in TCP/IP stacks, leading to potential attacks.
The report follows Forescout’s previous research into vulnerabilities in Internet of Things devices and forms part of Project Memoria, an initiative examining vulnerabilities in TCP/IP stacks and how to mitigate them. Vulnerabilities were uncovered on popular stacks including Nucleus NET, FreeBSD and NetX.
Even though security patches that fix the vulnerabilities are now available, applying updates to IoT devices is difficult. Even where it is possible, devices might still remain vulnerable, potentially providing a means for cyber attackers to compromise networks and services.
Daniel dos Santos, research manager at Forescout research labs, said that this could be an entry point, a foothold into a network from where you can decide what the attack is. One of the things that could be done is to just take devices offline by sending malicious packets that crash the device. Another thing is when you are able to execute code on the device, that opens up the possibility of persistence on the network or moving laterally in the network to other kinds of targets.
According to the report, the healthcare industry could be among the most affected by the security flaws in the stacks, which could enable attackers to access medical devices and obtain private healthcare data, or even take devices offline to prevent patient care.
The vulnerabilities could also be used to get access to enterprise networks and steal sensitive information.
Complete protection against Name:Wreck requires patching the devices running the vulnerable versions of the IP stacks. Organizations are strongly advised to apply the necessary security patches as soon as possible to any devices running the affected IP stacks.
In cases where it is not possible to apply patches to IoT devices, organizations can take additional steps to help protect networks against exploitation, such as segmentation and monitoring network traffic.
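As an illustration of the kind of check that monitoring or a careful parser can apply to domain names in DNS traffic, the following added example (not code from the Forescout/JSOF report or from any of the affected stacks) validates an encoded name against the RFC 1035 limits on label length, total name length and compression pointers. The function name `dns_name_check` and the sample messages are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DNS_HDR_LEN  12   /* fixed DNS header size */
#define DNS_MAX_NAME 255  /* RFC 1035: maximum encoded name length */

/* Returns the bytes the name occupies at msg[off], or -1 if malformed.
 * Hypothetical helper written for this example. */
int dns_name_check(const uint8_t *msg, size_t len, size_t off)
{
    size_t pos = off, total = 0, seg_start = off;
    int consumed = -1;               /* set at the first pointer or terminator */

    if (off < DNS_HDR_LEN) return -1;              /* names never start in the header */
    for (;;) {
        if (pos >= len) return -1;                 /* read past end of packet */
        uint8_t b = msg[pos];
        if ((b & 0xC0) == 0xC0) {                  /* compression pointer */
            if (pos + 1 >= len) return -1;         /* truncated pointer */
            size_t target = ((size_t)(b & 0x3F) << 8) | msg[pos + 1];
            if (consumed < 0) consumed = (int)(pos + 2 - off);
            /* Only strictly backward jumps: rules out loops and forward reads. */
            if (target < DNS_HDR_LEN || target >= seg_start) return -1;
            seg_start = pos = target;
            continue;
        }
        if (b & 0xC0) return -1;                   /* reserved label types */
        /* Top two bits are clear here, so the label length is at most 63. */
        if (pos + 1 + b > len) return -1;          /* label overruns packet */
        total += 1u + b;
        if (total > DNS_MAX_NAME) return -1;       /* decoded name too long */
        if (b == 0) return consumed < 0 ? (int)(pos + 1 - off) : consumed;
        pos += 1u + b;
    }
}

/* Constructed sample messages: 12 zero header bytes, then encoded names. */
static const uint8_t ok_msg[] = { 0,0,0,0,0,0,0,0,0,0,0,0,
    7,'e','x','a','m','p','l','e',3,'c','o','m',0,  /* name at offset 12 */
    3,'w','w','w',0xC0,0x0C };                      /* offset 25, pointer to 12 */
static const uint8_t loop_msg[]    = { 0,0,0,0,0,0,0,0,0,0,0,0, 0xC0,0x0C };
static const uint8_t overrun_msg[] = { 0,0,0,0,0,0,0,0,0,0,0,0, 0x3F,'a','b' };

int main(void)
{
    printf("plain name:      %d\n", dns_name_check(ok_msg, sizeof ok_msg, 12));
    printf("compressed name: %d\n", dns_name_check(ok_msg, sizeof ok_msg, 25));
    printf("pointer loop:    %d\n", dns_name_check(loop_msg, sizeof loop_msg, 12));
    printf("label overrun:   %d\n", dns_name_check(overrun_msg, sizeof overrun_msg, 12));
    return 0;
}
```

A monitor can run such a check over every name in a DNS response and alert on a `-1` result; the same checks belong in a device's own parser before any name bytes are copied.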
The developers of TCP/IP stacks are required to pay attention to all of the Project Memoria reports in order to build better security into devices to prevent such security vulnerabilities in the future.