Danger to networked devices: Researchers find massive security gaps



Several months ago, the "Ripple20" vulnerability rocked the "Internet of Things". Now US researchers have tracked down many more technical weak points. Affected products include networked cameras, barcode scanners and hospital equipment connected to the Internet.

US security researchers have discovered a number of serious security vulnerabilities in networked industrial control systems, medical devices, and other networked devices. The security company Forescout said that organizations and companies around the world are affected by the vulnerabilities, which are grouped under the name "Amnesia:33".

"Amnesia:33" mainly describes flawed implementations of the TCP/IP Internet protocol in networked devices, especially in industrial environments. According to Forescout, the errors are present in the products of at least 150 suppliers worldwide. Affected products include networked cameras, environmental sensors (for example for temperature and humidity), intelligent lighting systems, smart plugs, barcode scanners, networked special-purpose printers, audio systems for retail and Internet-connected devices in hospitals.

Forescout did not publish any further specific information about the vendors concerned or the specific devices, in order not to play into the hands of potential attackers. The manufacturers were notified of the vulnerabilities four months ago. Forescout discovered a total of 33 new vulnerabilities during its research work on TCP/IP, four of which were "critical". Attackers could use these to steal data, overload systems or take control of the affected devices. The results of the investigation are reminiscent of the serious security hole "Ripple20" that shook the "Internet of Things" in June.

Aquarium makes Las Vegas casino vulnerable

By its own account, the Federal Office for Information Security (BSI) contacted 31 European companies, 14 of them in Germany. "We were able to help all of the companies that responded to our advice to close the problematic vulnerabilities. Nevertheless, there are a number of companies that have not responded."

The technical implementation of the Internet protocol, the so-called TCP/IP stack, is considered the most vulnerable part of network devices. A vulnerability in a single networked device can undermine the security of the entire network. Around four years ago, the well-secured finance department of a casino in Las Vegas was hacked because an Internet-connected aquarium sat on the building's local network. The system used to monitor the feeding of the fish and the condition of the water via the Internet contained a security hole, which opened a breach in the casino's digital defensive wall.

According to Forescout, building automation systems that control access to a building or serve as fire and smoke alarms are now also at risk. The vulnerabilities were also discovered in networked electricity meters, batteries, heating and air conditioning systems, and in certain industrial control systems. Furthermore, network devices such as routers, switches or WiFi hotspots are evidently affected in large numbers. According to reports, the Fritzbox from the Berlin manufacturer AVM, which is popular in Germany, is not one of them. It is likely that devices used in industrial plants are primarily affected.

"Perform a thorough risk assessment"

Forescout advised those responsible to install security updates ("patches") for the networked devices. However, a number of manufacturers do not offer updates and leave the gaps wide open. In addition, there are scenarios in which patches cannot easily be applied to business-critical systems during operation. "If so, organizations should conduct a thorough risk assessment of their networks to determine the level of containment required."

The experts also gave IT departments a number of technical recommendations to minimize the risk. It is helpful, for example, to block or deactivate network traffic using the new Internet protocol IPv6 when it is not needed in the network. Several vulnerabilities in Amnesia:33 were related to IPv6 components.

The BSI also pointed out that industrial components in particular must not be directly accessible from the Internet. Networks within companies should be segmented accordingly in order to reduce the attack surface and make it more difficult for an attack to spread.
