"Critical Flaws in Embedded TCP/IP Library Impact Millions of IoT Devices Across Industries"
Critical vulnerabilities found in an embedded TCP/IP library put millions of devices, including infusion pumps, printers, IP cameras, video conferencing systems, and industrial control systems at risk. The 19 vulnerabilities discovered by JSOF, a company specializing in the security of IoT and embedded devices, enable remote code execution over a network, thus allowing attackers to take full control of affected devices. Further investigation of the vulnerabilities revealed that they come from errors in the management of packets sent over the network using IPv4, ICMPv4, IPv6, TCP, UDP, and other protocols. The discovery of these flaws calls attention to the struggle to understand the extent of security vulnerabilities contained by IoT and embedded devices. It is difficult to understand the scope of such vulnerabilities because of supply chain complexity and a lack of awareness among vendors about what is used in the development of their software. This article continues to discuss the discovery and potential impact of the flaws, collectively called "Ripple20".