Ripple20: 19 Zero-Day flaws put billions of Internet of Things devices at risk from hackers


Ripple20: 19 zero-day vulnerabilities that put billions of Internet of Things connected devices at risk of hacking

Your everyday Internet of Things devices, such as Wi-Fi routers, smart TVs, smart speakers, toys, wearables, smart meters, and smart appliances, are at risk of hacking, not from one flaw but from 19 different zero-day vulnerabilities, according to researchers from the Israeli cybersecurity company JSOF.

JSOF researchers found 19 different zero-day vulnerabilities in a low-level TCP/IP software library developed by Treck, and have collectively named them Ripple20. The researchers say the vulnerabilities are easy to exploit and, if weaponized, could let potential hackers gain complete control over your Internet of Things devices remotely without you even knowing it.

The Treck software library is used by billions of Internet of Things devices, and the vulnerabilities described by JSOF researchers could affect almost any of them. The IoT devices most at risk from a Ripple20 attack are used in medical and healthcare, data centers, manufacturing, gas, oil, nuclear, transportation, and other critical public infrastructure.

“Just a few examples: data could be stolen off of a printer, an infusion pump behavior changed, or industrial control devices could be made to malfunction. An attacker could hide malicious code within embedded devices for years.”

JSOF researchers

The researchers say that of these 19 Ripple20 zero-days, four are the most critical, with CVSS risk ratings above 9. These critical vulnerabilities reside in the Treck TCP/IP stack and could let potential hackers execute arbitrary code on targeted devices remotely. The researchers state in their report that one critical bug affects the DNS protocol and can be exploited by a sophisticated hacker over the internet, from outside the network boundaries, even on devices that are not connected to the internet.

“The other 15 vulnerabilities are of varying degrees of severity, with CVSS scores ranging from 3.1 to 8.2, and effects ranging from Denial of Service to potential Remote Code Execution.”

JSOF report

Ripple20 PoC video

The JSOF researchers have released a Ripple20 proof-of-concept video in which they hack a UPS.

Here are some of the Ripple20 zero-days listed by JSOF in their report:

  • CVE-2020-11896 (CVSS v3 base score 10.0): Improper handling of length parameter inconsistency in IPv4/UDP component when handling a packet sent by an unauthorized network attacker. This vulnerability may result in remote code execution.
  • CVE-2020-11897 (CVSS v3 base score 10.0): Improper handling of length parameter inconsistency in IPv6 component when handling a packet sent by an unauthorized network attacker. This vulnerability may result in possible out-of-bounds write.
  • CVE-2020-11898 (CVSS v3 base score 9.8): Improper handling of length parameter inconsistency in IPv4/ICMPv4 component when handling a packet sent by an unauthorized network attacker. This vulnerability may result in the exposure of sensitive information.
  • CVE-2020-11899 (CVSS v3 base score 9.8): Improper input validation in the IPv6 component when handling a packet sent by an unauthorized network attacker. This vulnerability may allow exposure of sensitive information.
  • CVE-2020-11900 (CVSS v3 base score 9.3): Possible double free in IPv4 tunneling component when handling a packet sent by a network attacker. This vulnerability may result in remote code execution.
  • CVE-2020-11901 (CVSS v3 base score 9.0): Improper input validation in the DNS resolver component when handling a packet sent by an unauthorized network attacker. This vulnerability may result in remote code execution.
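As an added example (not the Treck stack's or JSOF's code), this is the kind of consistency check a hardened IPv4/UDP receive path makes before it trusts the length fields involved in the first CVE above; the sample packet bytes, the PKT_* result codes and the check_sample helper are constructed for this illustration.

```c
/* Added example (not Treck's or JSOF's code): consistency checks a hardened
 * IPv4/UDP receive path applies before any length field is trusted. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
enum { PKT_OK = 0, PKT_TRUNCATED, PKT_BAD_IHL, PKT_BAD_IP_LEN, PKT_BAD_UDP_LEN };

/* Validate an IPv4+UDP datagram in buf[0..buf_len); on success *payload/*payload_len
 * describe the UDP payload and every length used has been bounded by buf_len. */
int validate_ipv4_udp(const uint8_t *buf, size_t buf_len,
                      const uint8_t **payload, size_t *payload_len)
{
    if (buf_len < 20 || (buf[0] >> 4) != 4) return PKT_TRUNCATED;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;         /* header length, bytes */
    if (ihl < 20) return PKT_BAD_IHL;
    size_t ip_total = ((size_t)buf[2] << 8) | buf[3]; /* IP total length field */
    /* The total length must cover the header and cannot exceed what we hold. */
    if (ip_total < ihl || ip_total > buf_len) return PKT_BAD_IP_LEN;
    if (buf[9] != 17) return PKT_BAD_IP_LEN;           /* protocol 17 = UDP */
    size_t ip_payload = ip_total - ihl;
    if (ip_payload < 8) return PKT_TRUNCATED;          /* UDP header is 8 bytes */
    const uint8_t *udp = buf + ihl;
    size_t udp_len = ((size_t)udp[4] << 8) | udp[5];   /* UDP length field */
    /* UDP length counts its own header and must fit inside the IP payload; a value
     * the enclosing layer cannot back is the IPv4/UDP inconsistency Ripple20 lists
     * under CVE-2020-11896 and must never size a copy. */
    if (udp_len < 8 || udp_len > ip_payload) return PKT_BAD_UDP_LEN;
    *payload = udp + 8;
    *payload_len = udp_len - 8;
    return PKT_OK;
}

/* Constructed sample: 20-byte IPv4 header + 8-byte UDP header + 4 payload bytes. */
static const uint8_t GOOD_PKT[32] = {
    0x45, 0x00, 0x00, 0x20, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
    10, 0, 0, 1, 10, 0, 0, 2,                       /* src/dst, constructed */
    0x00, 0x35, 0x00, 0x35, 0x00, 0x0c, 0x00, 0x00, /* ports 53/53, len 12 */
    'd', 'a', 't', 'a' };

/* Copy the sample, overwrite its UDP length field with udp_len, and validate only
 * the first buf_len bytes (a short buf_len models a truncated frame). Returns the
 * PKT_* code; on PKT_OK the payload length is stored in *out when out is non-NULL. */
int check_sample(size_t buf_len, uint16_t udp_len, size_t *out)
{
    uint8_t pkt[sizeof GOOD_PKT];
    memcpy(pkt, GOOD_PKT, sizeof pkt);
    pkt[24] = (uint8_t)(udp_len >> 8); pkt[25] = (uint8_t)udp_len;
    const uint8_t *payload = NULL; size_t n = 0;
    int rc = validate_ipv4_udp(pkt, buf_len < sizeof pkt ? buf_len : sizeof pkt,
                               &payload, &n);
    if (out) *out = n;
    return rc;
}
```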

The JSOF researchers reached out to various IoT manufacturers and to Treck about the vulnerabilities. Treck has patched most of the flaws in TCP/IP stack version 6.0.1.67 and higher. Of the IoT manufacturers JSOF contacted, only 9 confirmed that they had patched their devices:

The Ripple20 vulnerabilities have been noted by the United States Department of Homeland Security and CISA ICS-CERT, who will today issue a critical security advisory to over 500 vendors across the world to patch the 20 zero-days.
