This report was 1st published on our sister Site, The Internet Of All Things.
A series of vulnerabilities has been found by a research agency putting hundreds of Internet of Things (IoT) at risk.
According to the JSOF research lab, it had discovered a series of zero-day IoT vulnerabilitiesin a widely used low-level TCP/IP software library developed by Treck, Inc.
There are 19 of them, and have been given the name Ripple20, said JSOF in a blog post. The vulnerabilities affect hundreds of millions of devices (or more), and include multiple remote code execution vulnerabilities.
The risks inherent in this situation are high, claimed the research firm. Just a few examples: data could be stolen off of a printer, an infusion pump behaviour changed, or industrial control devices could be made to malfunction. An attacker could hide malicious code within embedded devices for years. One of the vulnerabilities could enable entry from outside into the network boundaries; and this is only a small taste of the potential risks.
For the rest, click here.
