In 2020 a small cybersecurity research company has found a set of 19 vulnerabilities that were originated from Treck Internet Protocol library. The vulnerabilities have affected different manufacturers as it was used in their components.
JSOF has declared information on a group of vulnerabilities known as Ripple20. They have the potential to impact millions of IoT devices across different industries. Some of them are delicate machines in medical, transportation, manufacturing industries, etc. These vulnerabilities were seen in an American software Treck Inc. This software uses a lightweight TCP/IP stack and allows companies to connect their devices or software to the internet via TCP/IP connections. The software has been used by different manufacturers and because of this, the impact was widespread.
Problems of Ripple20
Ripple 20 led the hackers to access vulnerable devices through local networks or over the internet and can take control of devices. One of the vulnerability is a DNS protocol where a hacker can attack devices that are not connected to the internet. Other possible attacks defined by JSOF, include the use of vulnerable devices to target other devices in a network, utilizing the vulnerable device to act hidden in-network, and broadcasting an attack to take control of all infected devices in the network, etc..Four of the Ripple20 vulnerabilities are critical, with CVSS (common vulnerability scoring system) scores over 9 and enable Remote Code Execution. Treck has released a security update addressing these vulnerabilities.
Solutions against Ripple20
To avoid Ripple20 Vulnerabilities, detection is one of the major steps.
Products like EdgeIPSTM and EdgeFireTM can help owners find Ripple 20 vulnerabilities through network traffic scanning. Try to block abnormal IP traffic. The users take protective measures against these vulnerabilities by installing updates from Treck, minimizing network exposure, implementing firewalls, using virtual private networks, and internal DNS servers.