Security vulnerabilities in millions of Internet of Things devices (IoT) could allow cyber criminals to knock devices offline or take control of them remotely, in attacks that could be exploited to gain wider access to affected networks.
The nine vulnerabilities affecting four TCP/IP stacks – communications protocols commonly used in IoT devices – relate to Domain Name System (DNS) implementations, which can lead to Denial of Service (DoS) or Remote Code Execution (RCE) by attackers. Over 100 million consumer, enterprise and industrial IoT devices are potentially affected.
Uncovered and detailed by cybersecurity researchers at Forescout and JSOF, the vulnerabilities have been dubbed Name:Wreck after the way the parsing of domain names can break DNS implementations in TCP/IP stacks, leading to potential attacks.
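To make concrete what "the parsing of domain names can break DNS implementations" means, the following is an added example, not code from the article, Forescout or JSOF, and not tied to any particular Name:Wreck bug: a bounds-checked decoder for RFC 1035 wire-format names. It rejects labels that run past the packet, reserved label types, names longer than the protocol allows, and compression pointers that point forward or at themselves (which an unchecked parser could follow forever). The `MAX_POINTERS` cap, the `MalformedName` class and the sample packet are all constructed for this example.

```python
"""Bounds-checked decoder for DNS domain names (RFC 1035 wire format).

Added example; not code from the original article or from Forescout/JSOF.
A DNS name is a sequence of length-prefixed labels ending in a zero byte.
A length byte whose top two bits are 11 is instead a 14-bit "compression
pointer" to an earlier copy of the name. Each of those features is a place
where a crafted packet can push a careless parser out of bounds or into
an endless loop, so every one of them is checked here.
"""

MAX_NAME_LEN = 255     # RFC 1035 limit on a full domain name
MAX_LABEL_LEN = 63     # RFC 1035 limit on a single label
MAX_POINTERS = 16      # assumed cap on pointer hops; any small constant works


class MalformedName(ValueError):
    """Raised instead of crashing when a name does not fit the packet."""


def decode_name(packet: bytes, offset: int) -> tuple:
    """Decode the name at `offset`; return (name, offset_after_name).

    The returned offset is the position just after the name as it appears
    in the packet, i.e. just after the first compression pointer if one
    was followed.
    """
    labels = []
    total = 0        # bytes of name decoded so far (label bytes + length bytes)
    hops = 0         # compression pointers followed
    end = None       # fixed at the first pointer, since later bytes belong elsewhere
    pos = offset
    while True:
        if pos >= len(packet):
            raise MalformedName("name runs past end of packet")
        length = packet[pos]
        if length == 0:                       # root label: end of name
            pos += 1
            break
        if length & 0xC0 == 0xC0:             # compression pointer
            if pos + 1 >= len(packet):
                raise MalformedName("truncated compression pointer")
            target = ((length & 0x3F) << 8) | packet[pos + 1]
            if target >= pos:                 # must point strictly backwards
                raise MalformedName("pointer does not point backwards")
            hops += 1
            if hops > MAX_POINTERS:           # belt and braces; backwards-only already forbids loops
                raise MalformedName("too many compression pointers")
            if end is None:
                end = pos + 2
            pos = target
            continue
        if length & 0xC0:                     # 01 and 10 prefixes are reserved
            raise MalformedName("reserved label type")
        if length > MAX_LABEL_LEN:
            raise MalformedName("label longer than 63 bytes")
        if pos + 1 + length > len(packet):
            raise MalformedName("label runs past end of packet")
        total += 1 + length
        if total > MAX_NAME_LEN:
            raise MalformedName("name longer than 255 bytes")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if end is None:
        end = pos
    return ".".join(labels), end


def describe(packet: bytes, offset: int) -> str:
    """Monitoring-style wrapper: never raises, returns a one-line verdict."""
    try:
        name, _ = decode_name(packet, offset)
        return "ok:" + name
    except MalformedName as exc:
        return "malformed:" + str(exc)


# Constructed sample: a 12-byte DNS header (zeroed), then "example.com" at
# offset 12 and "www" + a pointer back to offset 12 at offset 25.
SAMPLE = bytes(12) + b"\x07example\x03com\x00" + b"\x03www\xc0\x0c"
# Constructed hostile inputs: a pointer to itself, and a label past the end.
SELF_POINTER = bytes(12) + b"\xc0\x0c"
TRUNCATED = bytes(12) + b"\x05abc"

if __name__ == "__main__":
    for pkt, off in ((SAMPLE, 12), (SAMPLE, 25), (SELF_POINTER, 12), (TRUNCATED, 12)):
        print(off, describe(pkt, off))
```

Because a pointer may only move the cursor backwards, `pos` strictly decreases on every hop, so the loop terminates without relying on the hop counter; the counter stays as a cheap second line of defence. The same shape of check (length against remaining bytes, pointer direction, hop budget) is what a stack's resolver needs before trusting any name in a reply.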
The report follows Forescout’s previous research into vulnerabilities in Internet of Things devices and forms part of Project Memoria, an initiative examining vulnerabilities in TCP/IP stacks and how to mitigate them. Vulnerabilities were uncovered on popular stacks including Nucleus NET, FreeBSD and NetX.
While security patches are now available to fix the vulnerabilities, applying security updates to IoT devices can be difficult – if it’s even possible at all – meaning that many could remain vulnerable, potentially providing a means for cyber attackers to compromise networks and services.
“This can be an entry point, a foothold into a network and from there you can decide, basically, what the attack is,” Daniel dos Santos, research manager at Forescout research labs, told ZDNet.
“One of the things that you can do is just basically take devices offline by sending malicious packets that crash the device. Another thing is when you’re able to actually execute code on the device, that opens up the possibility of persistence on the network or moving laterally in the network to other kinds of targets,” he explained.
According to the report, organisations in healthcare could be among the most affected by the security flaws in the stacks, potentially enabling attackers to access medical devices and obtain private healthcare data, or even take devices offline to prevent patient care.
The vulnerabilities could also help cyber attackers gain access to enterprise networks and steal sensitive information, and may have the potential to impact industrial environments by enabling attackers to tamper with — or disable — operational technology.
It is therefore recommended that organisations apply the necessary security patches as soon as possible to help protect their networks.
“Complete protection against Name:Wreck requires patching devices running the vulnerable versions of the IP stacks and so we encourage all organisations to make sure they have the most up-to-date patches for any devices running across these affected IP Stacks,” said dos Santos.
In some cases, it might not even be possible to apply patches to IoT devices. In these instances, there are additional steps organisations can take to help protect networks against exploitation.
“Besides patching, which of course is the thing that everybody should try to do, there are other things that can be done, like segmentation and monitoring network traffic,” said dos Santos.
It is hoped that developers of TCP/IP stacks take heed of all of the Project Memoria reports and build better security into devices, so that similar vulnerabilities are not uncovered in future.
“There is much work left to be done to understand the real dangers behind the foundations of IT/OT/IoT connectivity, and the more parties we can get involved in finding vulnerabilities, fixing them and providing higher-level solutions, the faster we can transition to a more secure world,” the research paper concludes.