New Ripple20 Flaws Put Billions of Internet-Connected Devices at Risk of Hacking

2020-06-17 05:37

The Department of Homeland Security and CISA ICS-CERT today issued a critical security advisory warning about over a dozen newly discovered vulnerabilities affecting billions of Internet-connected devices manufactured by many vendors across the globe.

According to Israeli cybersecurity company JSOF-who discovered these flaws-the affected devices are in use across various industries, ranging from home/consumer devices to medical, healthcare, data centers, enterprises, telecom, oil, gas, nuclear, transportation, and many others across critical infrastructure.

"Just a few examples: data could be stolen off of a printer, an infusion pump behavior changed, or industrial control devices could be made to malfunction. An attacker could hide malicious code within embedded devices for years," the researchers said in a report shared with The Hacker News.

Some Ripple20 flaws were patched by Treck or device manufacturers over the years due to code changes and Stack configurability, and for the same reason, many of the flaws also have several variants that apparently would not be patched anytime soon until vendors perform a comprehensive risk assessment.

Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/-v6jOV0_v3U/new-critical-flaws-put-billions-of.html

#hacking #internet