Ripple20 TCP/IP Flaws Affects Millions of Devices Even Though a Patch Exists
A set of security flaws in a TCP/IP library used by millions of Internet of Things (IoT) devices are difficult to address even though there is a fix. The flaws are collectively called Ripple20 and were originally discovered by security company JSOF in September 2019. It affects a lightweight, proprietary TCP/IP library created by a small company in Ohio called Treck, which has issued a patch. Several of the vulnerabilities could allow hackers to steal data and execute malicious code.
The vulnerabilities aren't the only problem. The TCP/IP library that contains the vulnerabilities are used in millions of connected devices, from medical devices to industrial control systems to printers. Because of the number of devices involved, delivering and applying the patch is a huge undertaking. Many devices don't have the ability to receive remote patches which exacerbates the problem even further. Discovering whether a company's networks are affected can be a challenge, according to Brian Kime, a senior analyst at Forrester Research. The flaw will be difficult to fix because it's embedded and vendors don't advertise all the software components that go into their devices. The effort to fix the flaw is already under way, but it's a huge task, involving dozens of companies at every level of the supply chain. Businesses will have to work with vendors and suppliers and every level just to identify their exposure to Ripple20.
Many of the critical pieces of equipment that could be targeted are not visible to the Internet at large and don't have a direct connection to it. So while an infrastructure attack like Stuxnet is possible, it would have to be deployed in much the same way on an infected USB stick or another traditional malware delivery technique.
JSOF's official post contains additional information about what devices might be affected. On a positive note, there’s no indication that the flaw is being exploited in the wild at this point. That may change, as hackers react to the flaw being made public and start exploiting the flaw. They still will have a difficult time taking advantage of Ripple20, according to Terry Dunlap, former NSA Offensive Cyber Operator.