Digital security experts discover around 33 vulnerabilities in four open-source TCP/IP libraries that could affect millions of smart home products and industrial devices.
Most home devices and appliances today, including refrigerators, microwave ovens, and many more, use TCP/IP stacks to be Internet-of-Things (IoT) compatible. IoT describes the range of objects or things that have sensors and software that allow them to communicate and exchange data with other devices over the Internet. Recently, security researchers disclosed that they had found 33 security flaws in four open-source TCP/IP stacks used by a broad range of smart home products and industrial devices.
According to the researchers, their discovery affects millions of consumer devices and industrial-grade equipment in many locations. Forescout security researchers named the 33 security flaws they found in four open-source TCP/IP stacks Amnesia:33. They said the flaws can impact a huge range of smart home products and industrial devices. The types of systems affected by Amnesia:33 include smartphones, HVAC systems, gaming consoles, printers, IP cameras, badge readers, routers, sensors, switches, system-on-a-chip (SoC) boards, uninterruptible power supplies, and many other types of home and industrial equipment.
The security experts explained that the impact of the Amnesia:33 vulnerabilities is so wide because they are found in four commonly used open-source libraries, namely uIP, FNET, picoTCP, and Nut/Net. Forescout security researchers revealed that over the past 20 years, device makers have often added one of the four libraries to their devices' firmware so that their products can support TCP/IP, a widely used networking communications protocol today. With 33 security flaws in four open-source TCP/IP stacks used by a broad range of smart home products and industrial devices, the likelihood of malicious attackers compromising the devices is huge.
According to Forescout security researchers, the 33 security flaws in four open-source TCP/IP stacks, which they discovered and called Amnesia:33, allow an attacker to initiate a broad range of attacks on various smart home products and industrial devices. These include Remote Code Execution (RCE), which is a means to take over control of a target device, and Denial of Service (DoS), which disrupts the functionality of the device and may create havoc in business operations. Attackers can also get hold of sensitive information using any of the 33 security flaws that the security researchers discovered, or may initiate DNS cache poisoning attacks to direct home devices or industrial equipment to a malicious website.
Security researchers, however, say that whether home devices or industrial equipment can be exploited using any of the 33 security flaws they discovered in the four open-source TCP/IP stacks depends on the devices or equipment you use. The location of the devices, or where they are deployed across the network, is also a major consideration. Forescout researchers also revealed that Amnesia:33 flaws are easy to find and that many device manufacturers are now working on security patches to resolve the flaws.