June 22, 2020 by Tim
The ripple we’re discussing today is not so pretty.
Last week, security research firm JSOF made an announcement that computer experts will be talking about for years. The company discovered 19 previously unknown vulnerabilities in the Treck TCP/IP stack, a widely used networking software component. Affected devices include products from big names such as Dell, HP, Broadcom, Honeywell, and dozens more.
The TCP/IP stack is a key component of modern computer networking. Basically, TCP/IP sets the rules for how devices communicate across networks. Without the united forces of the Transmission Control Protocol (TCP) and Internet Protocol (IP), computer networks, smartphones, and the Internet itself wouldn’t exist. Almost all connected devices, from large supercomputers down to the tiniest security camera, use TCP/IP.
Today, machines such as printers, industrial machines, medical devices, and even smart-home devices such as programmable thermostats have tiny computers integrated into their designs. We call these mini-computers embedded systems. You may also hear the newer term Internet of Things (IoT) used to refer to modern network-connected machines.
Computing power and storage space are often limited in these devices. To save space and resources, IoT computers typically don’t run a full operating system like Microsoft Windows. Instead, they run a miniature, stripped-down system that contains just the bare essentials.
IoT devices usually run a stripped-down, miniature operating system.
Enter the Treck TCP/IP stack. Treck, Inc. is a relatively small computing company that provides a miniaturized TCP/IP system for embedded devices. Treck TCP/IP allows IoT devices to access networks with a small, efficient software package.
The security research firm JSOF performed an in-depth analysis of the Treck TCP/IP stack and discovered 19 previously unknown vulnerabilities. The vulnerabilities are about as bad as it gets in cybersecurity: an attacker could use the Ripple20 bugs to infiltrate a network from the outside, and/or move laterally within a network that’s already been compromised, all without any user interaction.
If you are interested in the technical details on how the Ripple20 bugs work, you can read JSOF’s technical whitepaper here.
The Treck TCP/IP stack grew to be very popular and has been added to countless connected devices. And when I say “countless”, I really do mean countless. Many embedded devices include components from other vendors, either software or hardware, which in turn use the Treck TCP/IP stack themselves. In some cases, this supply chain problem runs several layers deep.
That’s why the new set of vulnerabilities is known as Ripple20: the effect is going to “ripple” across the world of connected devices (in case you’re wondering, the “20” stands for the year 2020). Simply identifying which devices are affected will be a massive challenge. To make matters worse, even devices that are identified as vulnerable may have no way to be updated to correct the bugs, or their manufacturers may have gone out of business and be unable to provide a patch.
The effects of Ripple20 will be felt for years.
As I mentioned earlier, IT professionals are going to feel the pain from Ripple20 for years to come. While Treck, Inc. has released an updated version of their TCP/IP product that fixes the vulnerabilities, it will take time to find and patch all affected devices, if discovery and patching are even possible (and they won’t be, in many cases). It’s only a matter of time before we start to see attacks in the wild that exploit the Ripple20 vulnerabilities.
Considering just how many devices are affected by Ripple20, it’s extremely likely that you own a vulnerable system. For example: got an HP printer? You may be affected. That right there covers probably 50% of home and business users! You can find a full list of affected vendors at the JSOF website.
So, it’s safe to assume that some device or other on your network is affected by Ripple20. How, then, can you mitigate the risk? Here are a few basic steps:
Want to make double-sure that you’re safe from Ripple20? An IT firm like Green Mountain IT Solutions can help identify affected devices on your network, patch them, and wall them off so they won’t leave the door open to your network. Contact us today to find out more.