Forescout and JSOF security researchers discovered nine bugs in four widely used TCP/IP stacks. They say that these bugs, collectively called “Name:Wreck,” impact more than 100 million computers. They mostly impact Internet of Things (IoT) devices as well as IT management servers. The flaws can be found in both open source and proprietary stacks, such as FreeBSD and Siemens’ Nucleus NET.
The flaws all pertain to how these TCP/IP stacks handle DNS servers. While the researchers found no evidence that these holes have been used in the wild, hackers could potentially use them to crash a network or to infiltrate a victim’s infrastructure and gain remote control. The implications could be catastrophic for critical systems like those used in health care, manufacturing, or government networks.
The security teams disclosed the flaws to various developers, including Siemens, the Department of Homeland Security’s Cybersecurity and Infrastructure Agency, and other security tracking groups. Patches have been issued for all nine of the flaws, but that does not necessarily solve the overall problem.
“With all of these findings, I know it may appear that we’re just bringing problems to the table,” Forescout’s VP of Research Elisa Costante told Wired. “But we’re really trying to raise awareness, work with the community, and figure out ways to address it.”
There are at least 100 million smartphones on the market, though others believe that the number may be in the billions. Many run on outdated code, and others have no way of upgrading the technology. So, though patches exist, there is no way to distribute them to specific devices. The researchers did not specify which computers are still vulnerable. Forescout, on the other hand, developed an open-source script to assist administrators in locating compromised IoT devices and servers on the network.
They also emphasise that there are just nine defects in the 15 TCP/IP stacks they examined. There may be even more, but identifying them would take time. They point out that these gaps remain because the majority of these stacks predate IoT computers. The code has always worked as planned, but security mechanisms have changed over the past two decades while the code has not.
“For better or worse, these devices have code in them that people wrote 20 years ago—with the security mentality of 20 years ago,” said Red Balloon Security CEO Ang Cui. “And it works; it never failed. But once you connect that to the internet, it’s insecure. And that’s not that surprising, given that we’ve had to really rethink how we do security for general-purpose computers over those 20 years.”
Forescout advises restricting direct internet access to those facilities as far as possible until more machines can be replaced or upgraded. Network administrators can also redirect traffic using an independent DNS API. Since the bugs are now established, it should be easier to spot intrusions that take advantage of them.