19 remotely exploitable flaws in TCP/IP protocol suite in all embedded systems & IoT devices

Specialists from a cyber security course have revealed the discovery of multiple vulnerabilities in Internet of Things (IoT) devices and embedded systems whose exploitation would allow hackers to gain malicious access to this technology. These flaws could be exploited only by sending DNS or IP packets.

The report, published by JSOF researchers, points to a total of 19 vulnerabilities, dubbed Ripple20, all related to the Treck TCP/IP stack, a set of TCP/IP protocols designed for embedded systems. The severity of these flaws varies between critical and severe range, and could be exploited to trigger malicious scenarios, including remote code execution attacks, denial of service (DDoS), and data theft, among others.


According to the experts of a cyber security course, these vulnerabilities can lead to all kinds of attacks: “Threat actors can extract information from a printer, modify industrial control systems, or deploy malware across the entire compromised network,” the report says.

While it is almost impossible to determine the number of IoT equipment vulnerable to these failures in the world, researchers believe hundreds of millions of exposed devices are: “Affected companies range from small businesses to large multinational firms,” the researchers say. Among the large companies that could be exposed are Schneider Electric, Intel, Rockwell Automation, HP, Caterpillar, among many others.

Experts from the cyber security course mentioned that these flaws could affect companies of all kinds, including the transportation industry, industrial control, energy companies, telecommunications and many more.

Because these devices were released years ago, updating them is a highly complex or even impossible task, considers Phil Neray, cybersecurity specialist at CyberX Inc. To address these flaws, the expert proposes to implement other kinds of controls, such as network segmentation, to make it harder for hackers to access greater computing resources after compromising an IoT device. 

According to the International Institute of Cyber Security (IICS), the vulnerability lies in a library used in hundreds of sensitive devices, such as those found in industrial control applications, medical devices, power grids, oil and other forms of power supply. Because vendors reuse common software libraries, this set of vulnerabilities could have a significant scope, and this factor greatly hinders a potential upgrade process.