Date: 2021-02-10



Vulnerabilities in communication protocols used in millions of Internet of Things (IoT) and operational technology (OT) devices could allow cyber attackers to intercept and manipulate data.

A set of TCP/IP stack vulnerabilities has been described in detail by cybersecurity researchers at Forescout. Forescout calls the set of nine new vulnerabilities “Number: Jack”.

It is part of an ongoing investigation by the cybersecurity company under Project Memoria, an initiative to investigate TCP/IP stack vulnerabilities and how to mitigate them.

The latest disclosure concerns the generation of the initial sequence number (ISN), a fundamental aspect of TCP communication, in embedded devices. ISNs are designed so that every TCP connection between two computers or other internet-connected devices is unique and cannot be blocked or manipulated by a third party.

To ensure this, ISNs should be randomly generated so that attackers cannot guess them and hijack or spoof a connection. This is a computer security fundamental that was already known in the 1990s, but in IoT devices the researchers found that this old vulnerability persists because the numbers weren't completely random. As a result, the pattern of ISNs in these TCP communications can be predicted.

Forescout research manager Daniel dos Santos told ZDNet, “This issue has been mostly fixed in the Windows and Linux, and general IT worlds, but when you look at the IoT world, the issue reoccurs. I am doing it.”

“It’s not difficult for us or an attacker to find this type of vulnerability, as we can clearly see that the numbers generated by the stack are predictable,” he added.
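The difference between a predictable ISN sequence and one built the way RFC 6528 recommends (ISN = M + F(connection 4-tuple, secret key)) can be checked on collected samples. The following is an added example, not code from Forescout or from any of the affected stacks; the function names, the fixed-step weak generator, the HMAC-SHA-256 choice for F and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

MOD = 2 ** 32


def weak_isn(counter, step=64000):
    """Constructed weak generator: the ISN grows by a fixed step per connection."""
    return (counter * step) % MOD


def rfc6528_isn(secret, laddr, lport, raddr, rport, now_us):
    """ISN = M + F(4-tuple, secret): M is a 4-microsecond timer, F a keyed hash."""
    m = (now_us // 4) % MOD
    four_tuple = f"{laddr}:{lport}-{raddr}:{rport}".encode()
    # Assumption: HMAC-SHA-256 truncated to 32 bits stands in for the PRF F.
    f = hmac.new(secret, four_tuple, hashlib.sha256).digest()
    return (m + int.from_bytes(f[:4], "big")) % MOD


def dominant_delta_share(isns):
    """Share of consecutive ISN differences (mod 2^32) equal to the most common one."""
    deltas = [(b - a) % MOD for a, b in zip(isns, isns[1:])]
    return Counter(deltas).most_common(1)[0][1] / len(deltas)


def looks_predictable(isns, threshold=0.5):
    """Flag a sample in which one difference accounts for most transitions."""
    return dominant_delta_share(isns) >= threshold


def sample_weak(n=200):
    """Constructed sample: ISNs of n successive connections from the weak generator."""
    return [weak_isn(i) for i in range(n)]


def sample_rfc6528(n=200, secret=None):
    """Constructed sample: each connection uses a new client port, 1 ms apart."""
    secret = secret or os.urandom(16)
    return [rfc6528_isn(secret, "192.0.2.10", 80, "192.0.2.20", 40000 + i, i * 1000)
            for i in range(n)]


if __name__ == "__main__":
    for name, isns in (("weak", sample_weak()), ("rfc6528", sample_rfc6528())):
        print(name, round(dominant_delta_share(isns), 3), looks_predictable(isns))
```

A constant-difference check only catches the simplest pattern; a sample that passes it is not thereby shown to be random.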

By predicting the ISN of an existing TCP connection, an attacker could close it, effectively causing a denial of service by preventing data from being transferred between devices. Alternatively, the attacker could hijack the session and insert their own data into it, which makes it possible to intercept unencrypted traffic, add file downloads to serve malware, or use HTTP responses to direct victims to malicious websites. An attacker could also abuse the TCP connections of embedded devices to bypass authentication protocols, which could provide additional access to the network.

All of the vulnerabilities were discovered and disclosed to the relevant vendors and maintainers of the affected TCP/IP stacks by October 2020.

The TCP/IP stacks found to contain the vulnerabilities include several open source stacks analyzed in a previous Forescout study, such as uIP, FNET, picoTCP, Nut/Net, CycloneTCP, and uC/TCP-IP. The vulnerabilities have also been found in Siemens' Nucleus NET, Texas Instruments' NDK TCPIP, and Microchip's MPLAB Net.

The majority of vendors have patched, or are in the process of patching, their devices against the vulnerabilities, but the researchers say that others haven't responded to the disclosure at all. ZDNet has attempted to contact each vendor detailed in the research paper for assistance.

Forescout has not publicly identified the exact devices that rely on the nine stacks found to be vulnerable, in order to keep them from becoming potential targets of attacks. However, medical devices, wind turbine monitoring systems, storage systems, and other systems are all known to use the stacks under investigation.

To help protect against attacks, Forescout Research Labs has released an open source script that helps identify stacks that have been found to be vulnerable as part of Project Memoria.

If these vulnerabilities are discovered on your network, it is recommended that you apply security patches to prevent them from being used by attackers. If you are unable to patch an IoT or OT device, it is recommended that you segment the affected product into a part of the network where the potential for compromise is reduced.

The research is also a reminder that IoT device security has lessons to learn from IT security, especially about fundamentals that have been known for decades.

“The foundation of the IoT is vulnerable, spanning not just one vendor or specific device, but multiple types of devices and the software components used in these devices. Often, similar types of vulnerabilities. We share,” says dos Santos.

“The reason we looked at the entire TCP stack is to show that the history is being repeated in several stacks. This is what people have done before, and it’s in the operation of the entire IoT supply chain. It provides proof that we need to find out how it affects us,” he added.

