Millions of IoT Devices Have Vulnerabilities in TCP/IP Stacks

IoT devices are increasingly present in our day to day. As we know, they are all those computers that we have in our homes with an Internet connection. We are talking about televisions, light bulbs, video players … There are more and more and that also poses a challenge for the cybersecurity of the network. In this article, we cover a number of vulnerabilities that affect four open source TCP / IP stacks that are used in millions of Internet of Things devices.

They find vulnerabilities that affect millions of IoT devices

Security flaws , vulnerabilities in short, is something that affects all types of systems and equipment. Hackers can use these holes to successfully carry out their attacks. They can access devices, collect information, steal passwords … This means that we must always keep our systems up to date and correct those problems.

IoT Devices Have Vulnerabilities in TCP/IP Stacks

This time it is a total of 33 security vulnerabilities that affect four open source TCP / IP stacks that are used in millions of IoT devices around the world.

These flaws affect memory, allow attackers to remotely execute malicious code, denial of service attacks, steal confidential information or inject malicious DNS records. As we can see, all this puts the security of the equipment at risk and also affects the privacy of the users.

Seguridad de los dispositivos IoT de segunda mano

Vulnerable TCP / IP stacks

The open source TCP / IP stacks that are vulnerable are PicoTCP, FNET, Nut / Net, and uIP . These vulnerabilities have been found in seven different stack components: DNS, IPv6, IPv4, TCP, ICMP, LLMNR, and mDNS.

According to security researchers, these vulnerabilities are found on a wide variety of computers . We can name integrated components (connectivity modules and OEM boards), as well as consumer IoT devices (such as smart plugs or thermostats). Others such as printers, servers, IP cameras or access control systems have also been affected.

Not all vulnerabilities are created equal, so not all affected devices may pose a similar threat. For example, a vulnerability that allows a DoS attack is not considered critical unless it affects systems where it could seriously damage operation or put security at risk.

Security researchers indicate that it is difficult to list all the affected devices, since they are multiple open source TCP / IP stacks that are used by millions of computers. Many IoT devices do not offer a BOM of the software they use, so knowing which operating system, firmware, or TCP / IP stack they use can be a time-consuming problem.

They recommend that organizations adopt solutions such as monitoring network communications and isolate devices that are vulnerable.

Security problems that affect IoT devices are relatively common and increase as we have more connected equipment. That is why it is essential to always take steps to protect ourselves. It is very important that they are correctly updated in order to correct known vulnerabilities. So is having security programs when possible. We leave you a tutorial with tips to protect IoT equipment.