Millions of IoT Devices at Risk: Vulnerability in TCP/IP Stack

According to Forescout's own research, millions of Internet of Things devices and industrial systems are vulnerable to attacks due to security vulnerabilities in the TCP/IP stack they use. The security study covered various TCP/IP stacks, the software that provides a device's basic network communication. Researchers specifically examined the DNS (Domain Name System) clients of these TCP/IP stacks and how they handle DNS traffic.

A recent study by researchers at the University of Minnesota found DNS to be a complex protocol that has many security flaws when deployed incorrectly. For example, DNS's "message compression" feature can be exploited by attackers for malicious purposes, they noted. Because DNS response packets often contain the same domain name, or part of it, several times, messages can be compressed to reduce the number of times the name is repeated, making the DNS message smaller.

Researchers found that FreeBSD, Nucleus NET, NetX, and IPNet fail to implement DNS message compression correctly, leading to vulnerabilities. In total, there are nine vulnerabilities, which can lead to remote code execution, denial of service, or DNS cache poisoning. Updates have been released by FreeBSD, Nucleus NET and NetX. However, the question remains whether these will eventually reach all vulnerable IoT devices. For example, device suppliers must make the updates available, and administrators may need to install them manually.

Researchers report that in order to exploit these vulnerabilities, attackers have to first gain access to an organization's network. The attacker then needs to set up rogue DHCP servers on devices on the network to attack other users.

In order to protect against potential attacks, companies must map vulnerable TCP/IP stacks, apply network segmentation, configure devices to only use internal DNS servers, install available patches immediately, and monitor network traffic.