By Clare O’Gara
Wed | Jun 17, 2020 | 11:34 AM PDT

When it comes to catching cyber vulnerabilities, this study has some stunning 20/20 vision.

New research from Israeli security firm JSOF recently found vulnerabilities in millions of critical Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices in a range of fields and industries.

IoT and IIoT security risks

According to researchers, these vulnerabilities affect hundreds of millions of devices (or more) and include multiple remote code execution (RCE) threat vectors.

The risk is high, and the research reveals examples of potential consequences:

"Data could be stolen off of a printer, an infusion pump behavior changed, or industrial control devices could be made to malfunction. An attacker could hide malicious code within embedded devices for years. One of the vulnerabilities could enable entry from outside into the network boundaries; and this is only a small taste of the potential risks."

From a personal printer to smart manufacturing to the power industry, Ripple20 poses a serious risk. This is particularly true when it comes to supply chain security.

"Ripple20 reached critical IoT devices from a wide range of fields, involving a diverse group of vendors. Affected vendors range from one-person boutique shops to Fortune 500 multinational corporations, including HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar, Baxter, as well as many other major international vendors suspected of being vulnerable in medical, transportation, industrial control, enterprise, energy (oil/gas), telecom, retail and commerce, and other industries."

How did Ripple20 vulnerabilities become so widespread? The reason comes down to a software library, and it explains how "Ripple" became part of Ripple20's name:

"The interesting thing about Ripple20 is the incredible extent of its impact, magnified by the supply chain factor. The wide-spread dissemination of the software library (and its internal vulnerabilities) was a natural consequence of the supply chain 'ripple-effect.' A single vulnerable component, though it may be relatively small in and of itself, can ripple outward to impact a wide range of industries, applications, companies, and people."

IoT and IIoT security risk mitigation

Here is a list of risks the researchers say are associated with these vulnerabilities:

  • An attacker from outside the network taking control over a device within the network, if internet facing.
  • An attacker who has already managed to infiltrate a network can use the library vulnerabilities to target specific devices within it.
  • An attacker could broadcast an attack capable of taking over all impacted devices in the network simultaneously. 
  • An attacker may utilize an affected device as a way to remain hidden within the network for years.
  • A sophisticated attacker can potentially perform an attack on a device within the network, from outside the network boundaries, thus bypassing any NAT configurations. This can be done by performing a MITM attack or a DNS cache poisoning.
  • In some scenarios, an attacker may be able to perform attacks from outside the network by replying to packets that leave network boundaries, bypassing NAT.

For an overview of supply chain security, watch the recent SecureWorld web conference, Introduction to Supply Chain Security, which is available on-demand.