Vulnerabilities in open-source networking libraries affect millions of mobile devices

Blog 0 comments

Having a smart phone is one thing, but getting your mobile device hacked or hijacked by attackers may not be on your cards. But, recently, there were 33 vulnerabilities that affected million of smart devices around the world. Amnesia 33 vulnerability is a set of 33 vulnerabilities that affected various Embedded, IoT, OT and IT devices, according to Forescout Research Labs which discovered these (Vulnerabilities in open-source networking libraries).

Embedded vulnerabilities found in Open-Source networking stacks

According to the Research Lab, 4 open-source libraries of TCP/IP stack implementation namely uIP, FNET, picoTCP and Nut/Net have 33 vulnerabilities that could affect more than 150 vendors and corrupt memories of more than 1million smart devices (Vulnerabilities in open-source networking libraries).

 

According to Forescout, these vulnerabilities could be at immediate risk to organizations worldwide. Amenia 33 vulnerabilities could trigger the following put devices into infinite loops, access unauthorized and sensitive data, and/or poison DNS cache, Remote Code Execution, Denial of Service, Data Exfiltration etc. These can most definitely happen especially when more than 80% of the workforce of global organizations are working from home and have been using unmanaged devices at home (Vulnerabilities in open-source networking libraries).

Data Exfiltration in IPv6

So, a hacker can target and take over an organization by first hacking into the home internet router of an employee and hack into their laptop which is connected to your organization’s network through a VPN connection. The hacker can slowly start to corrupt the local area network of your organization and all the different types of networks your organization has.

According to Forescout, organizations must take immediate and swift actions to secure their networks from such vulnerabilities:

  1. Organization’s risk and exposure assessment, make sure critical networks are not accessible through the internet.
  2. Trust and rely on internal DNS servers, as they perform DNS-over-HTTPS for lookups.
  3. Disable or block IPv6 traffic, since the unchecked header/option lengths could be sent into infinite loops.
  4. Segregate and segment devices in your organization from your business network and check the level of risk each segment poses.
  5. If any devices are vulnerable, get their software updated or place firewalls or patch the devices.
  6. Get your Networking team to monitor malformed packets.
  7. If your employees use VPN to connect to your business networks, make sure they use a reputed and secure VPN service.

Take a look at all the smart devices that could be affected by Amnesia 33:

  1. Embedded Devices:

  1. Systems-on-chip (SoCs)
  2. Connectivity Modules
  3. OEM Boards
  1. OT Devices:

  1. Access Control doors and windows
  2. IP cameras
  3. Protocol Gateways
  4. HVAC
  1. Consumer IoT devices:

  1. Smart Plugs
  2. Smart Phone
  3. Sensors
  4. Game Console
  1. Network and Office:

  1. Printers
  2. Routers
  3. Servers

If you are not sue if your organisation’s smart devices are vulnerable to Amenia 33, then read and understand everything about the vulnerabilities, the affected vendors and recommendations by CISA (Cybersecurity and Infrastructure Security Agency).

Impact Of Covid 19 On DDI Industry in 2020

If you are looking to buy secure and dedicated IP blocks then connect with IPv4.deals team and we will get back to you on your query.

Author ipvadblog

Leave a Reply

Your email address will not be published. Required fields are marked *