
NAME:WRECK vulnerabilities threaten millions of IoT devices


Forescout experts presented a report on nine vulnerabilities in TCP/IP stacks, collectively named NAME:WRECK. These problems affect hundreds of millions of servers, smart devices, and industrial equipment.

NAME:WRECK is the fifth set of vulnerabilities affecting TCP/IP libraries found in the past three years; earlier findings include Ripple20, URGENT/11 and AMNESIA:33. But all of the previous research looked at various TCP/IP mechanisms, whereas the NAME:WRECK study focuses on how libraries handle DNS traffic.

Forescout experts write that they found a total of nine vulnerabilities affecting 7 out of 15 TCP/IP stacks. Three stacks are vulnerable to errors in DNS message compression that were found in previous studies (such as Ripple20 and AMNESIA:33), and four more stacks are vulnerable to new bugs found during the new analysis.

Of the other eight libraries studied, FNET, cycloneTCP, uC/TCP-IP, FreeRTOS+TCP, Zephyr and OpenThread implement message compression safely, while Nut/Net and lwIP do not support message compression at all and therefore cannot be vulnerable.

So far, the developers of only 3 out of 4 vulnerable stacks have reportedly released patches: FreeBSD, Nucleus NET and NetX have fixes available, while the creators of IPNet are still working on the problems.

While the release of fixes is good news, the researchers warn that the situation is far from ideal. Installing patches on smart devices and industrial equipment usually takes a long time, because device manufacturers must first integrate the patches into their own code and release their own firmware updates. Customers then have to install these updates, which can also be a problem: many devices are installed in remote locations and are difficult to reach without a firmware-over-the-air (FOTA) update mechanism, which not all devices support.

Worse, only a few of the NAME:WRECK vulnerabilities require an attacker to be able to tamper with the victim’s DNS traffic. The Record, which spoke with the researchers, reports that the other vulnerabilities can be used for remote attacks: it is enough for an attacker to bombard vulnerable systems with malformed DNS responses.
