
Expert says new Ripple20 bugs underscore need for action

By Tim Sandle     Jun 22, 2020 in Technology
New research revealing the Ripple20 bugs that impact hundreds of millions of IoT devices - from printers to insulin pumps to power grids - underscores the need to put pressure on device manufacturers to take security more seriously.
The importance of addressing the risk posed by the Ripple20 bugs is outlined by Terry Dunlap, former NSA Offensive Cyber Operator and CSO and co-founder of ReFirm Labs. Ripple20 is the collective name given to 19 identified critical vulnerabilities in a widely used Transmission Control Protocol/Internet Protocol (TCP/IP) software library developed by Ohio-based Treck Inc.
The vulnerabilities affect Internet of Things (IoT) devices produced by specialized boutique vendors as well as multiple Fortune 500 companies, said Israel-based security company JSOF, which discovered the security holes. Vulnerable products extend to smart-home devices, industrial control systems, medical and healthcare systems, and devices used in key parts of infrastructure, such as energy networks.
Looking at the implications of these newly identified threats, Terry Dunlap tells Digital Journal: "This means understanding what is running on the IoT device, what vulnerabilities it has, and how the manufacturer will patch the equipment." The impact of Ripple20 is significant, the expert adds, as is the way IoT firmware serves as a major unprotected attack surface that hackers use to get a foothold and move laterally into corporate or critical infrastructure networks.
In other words, Dunlap explains: "Companies need to treat IOT with the security and compliance due diligence that they would with their enterprise applications. They wouldn’t find it acceptable to have servers running Windows 2000 in production, or use Linux servers that hadn’t been patched in four years. Yet those are the types of issues we see with the firmware of IOT devices all the time."
In addition to the latest issue, Terry Dunlap and his team of researchers from Maryland-based IoT firmware security startup ReFirm Labs were the first to point out backdoors built into cameras from the world's second-largest security camera manufacturer, Dahua. These cameras are banned by the U.S. government but remain in use. Dunlap is considered the world's leading expert on firmware vulnerabilities and nation-state attacks on IoT.