“Ripple20” vulnerability discovered hidden in hundreds of millions of electric appliances

Security company JSOF announced that it has discovered a vulnerability, 'Ripple20', that affects many smart devices, routers, and printers, including Intel and HP products. Because Ripple20 stems from a library of Internet communication protocols that many manufacturers have adopted since its release in 1997, it is estimated that more than several hundred million products worldwide are affected by this vulnerability.


Ripple20 vulnerabilities will haunt the IoT landscape for years to come | ZDNet

The following video shows at a glance what kind of vulnerability Ripple20 is.

JSOF Ripple20 Exploit UPS - YouTube

The Ripple20 vulnerability is explained by JSOF CEO Shlomi Oberman.

All the devices in front of Oberman use the communication protocol library of Treck, a software development company based in Cincinnati, Ohio.

The products are varied: a communication device connected to a LAN cable, an infusion pump (a medical device), a household printer, an uninterruptible power supply (UPS), and lighting equipment.

All of these are connected to a UPS whose battery is at 100%.

When Oberman uses Ripple20 to gain unauthorized access to the UPS, the lighting fixtures go dark even though the UPS still has power remaining.

The infusion pump also displays a screen warning that the battery is low.

Ripple20 is a collective name for 19 zero-day vulnerabilities found in the TCP/IP protocol library developed by Treck. These vulnerabilities can be used to infiltrate networks from the outside, steal data, and cause equipment to malfunction. Many manufacturers have adopted Treck's library for their products because it is lightweight, which has amplified the damage.

Treck's library is mainly used in the United States, but the vulnerabilities have also been confirmed in 'Kasago TCP/IP', a similar library released by the Japanese software development company Elmic Systems (now Zuken Elmic), which was affiliated with Treck in the 1990s.

Regarding the characteristics of Ripple20, JSOF said, 'The interesting thing about Ripple20 is that its influence is greatly expanded by the supply chain. Ripple20 reaches IoT devices that are widely used in various fields, involving various manufacturers. The affected industries are wide-ranging, such as telecommunications, retail, trading, medical, transportation, industrial, and energy, and specifically, products from IT giants such as Intel and HP, electronics manufacturer Schneider Electric, industrial equipment manufacturer Rockwell Automation, heavy equipment manufacturer Caterpillar, and medical equipment company Baxter are suspected to be affected.'

According to JSOF's calculations, hundreds of millions of products or more worldwide are affected by Ripple20. Treck told the IT news site ZDNet that 'patches for all vulnerabilities corresponding to Ripple20 are available', revealing that patches have already been released to manufacturers.

However, the work of identifying the products that use the Treck library and their manufacturers was still in progress at the time of writing, and the full extent of the damage has not yet been clarified. Going forward, Treck will work on this issue in cooperation with the companies confirmed to be affected by Ripple20 and with multiple security vendors, and the plan is to take up Ripple20 at the information security event Black Hat USA 2020, which begins August 1, 2020, and call attention to it.

in Software, Hardware, Security, Posted by log1l_ks