Protecting your network against Ripple20 vulnerabilities
In the realm of technology, some events can disrupt the landscape and force practitioners to reevaluate daily operations.
Earlier this year, the arrival of the Ripple20 breach was that kind of event—reminding IT pros across the globe that vulnerable third-party code can wreak havoc on IT systems, opening the door to malicious attacks.
Earlier this year, the JSOF research lab discovered a series of vulnerabilities that became collectively known as Ripple20. The Ripple20 vulnerabilities exist within the Treck Inc. TCP/IP library, which is used by hundreds of millions of IoT devices ranging from industrial IoT devices to consumer-grade devices used in the home. The affected software library has also been used in other types of connected devices such as point-of-sale terminals, medical equipment, and aviation-related devices. These vulnerabilities can be exploited for remote code execution and even complete device takeover. These code bugs have been difficult to track and remove because of the widespread adoption of this third-party code in various systems. Indeed, the bugs may never be fully patched in some products.
The seriousness of the Ripple20 vulnerabilities has been well established through various proof-of-concept demonstrations. At this point, organizations must work to determine whether they are using devices that are affected by this collection of vulnerabilities, and if so, how to go about addressing the problem.
Locating Ripple20-Affected Devices
Unfortunately, determining which of an organization’s devices are affected by the Ripple20 vulnerabilities is not an easy task. As previously noted, the vulnerabilities exist in a low-level software library that dozens of different vendors use. Because so many devices use this library, automated detection of the vulnerabilities is difficult at best.
To read the complete article, please visit IoT World Today.