33 TCP/IP Stack Flaws Pose Hacking Risk to Millions of IT, IoT Devices

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.

By Jessica Davis

– A new Forescout Research Labs report disclosed a set of 33 vulnerabilities found in four open source TCP/IP stacks, foundational elements of millions of IT and IoT devices, including those in healthcare. A successful exploit could result in remote code execution, or even data loss.

Dubbed Amnesia:33, the flaws impact over 150 vendors and millions of IoT, IT, and OT devices. Researchers stressed the impact could be much greater, as vulnerable stacks are widely spread across devices, highly modular, and incorporated into undocumented, deeply embedded subsystems.

Overall, the group of vulnerabilities have four categories of potential impact that include remote code execution (RCE), denial of service (DoS through crash or infinite loop), data leak, and DNS cache poisoning.

An attacker could exploit these flaws to take full control of a targeted device via RCE, impact the device function via DoS, access and or steal potentially sensitive information, or inject malicious DNS records to direct a device toward a hacker-controlled domain.

Most of the AMNESIA:33 flaws impact the DNS, IPv6, and TCP components. Forescout explained that “to exploit AMNESIA:33 vulnerabilities, an attacker needs a communication path to a vulnerable device or a routed path to an internal network.”

READ MORE: Report: 72% Orgs Faced Increase in IoT, Endpoint Security Incidents

The affected TCP/IP stacks are found in operating systems, systems-on-a-chip, networking equipment, embedded devices, and a host of enterprise and consumer IoT devices. And the flaws are found in uIP, FNET, picoTCP and Nut/Net stacks, which are not owned by one single company.

As a result, these vulnerabilities easily spread across multiple codebases, development teams, companies and products. Thus, disclosing and identifying vulnerable devices will prove challenging, researchers explained.

The vulnerabilities join an earlier disclosure from JSOF, Ripple20: a set of 19 critical flaws found in the TCP/IP communication stack of hundreds of millions of IoT and connected devices.

The flaws were found in the low…