Dec 10, 2020 06:00:00

33 vulnerabilities 'AMNESIA: 33' affecting more than 1 million IoT devices and industrial devices are discovered

Security company

Forescout announced on December 8, 2020 that it has identified a total of 33 vulnerabilities, AMNESIA: 33 , hidden in four open source libraries. The library containing this vulnerability has been found to be used in products from more than 150 vendors, and it is estimated that more than 1 million devices will be affected.

AMNESIA: 33 --Forescout
https://www.forescout.com/research-labs/amnesia33/

AMNESIA: 33 – Foresout Research Labs Finds 33 New Vulnerabilities in Open Source TCP / IP Stacks --Security Boulevard
https://securityboulevard.com/2020/12/amnesia33-foresout-research-labs-finds-33-new-vulnerabilities-in-open-source-tcp-ip-stacks/

Amnesia-33 vulnerabilities affect 158 vendors, millions of devices | SC Media
https://www.scmagazine.com/home/security-news/mobile-security/amnesia-33-vulnerabilities-affect-158-vendors-millions-of-devices/

Amnesia: 33 vulnerabilities impact millions of smart and industrial devices | ZDNet
https://www.zdnet.com/article/amnesia33-vulnerabilities-impact-millions-of-smart-and-industrial-devices/

You can see what kind of vulnerability 'AMNESIA: 33' is by watching the following movie released by Forescout.

What is AMNESIA: 33? --YouTube


'AMNESIA: 33' is composed of 33 vulnerabilities that affect a wide range of products around us, such as many embedded chips, IoT devices, OT (industrial control system) devices, and IT devices.

These vulnerabilities, four of which are used all over the world

TCP / IP open source library ' picoTCP ', ' FNET ', ' uIP ,' ' Nut / Net was found in'.

Of the 33 vulnerabilities, 4 are particularly dangerous because they can lead to remote control of devices, disruption of services, and information leakage.

One of the high-risk situations where 'AMNESIA: 33' is being abused is remote work at home, which has rapidly become widespread in 2020.

First, a hacker breaks into a PC connected to a VPN through an unprotected router.

After that, when the systems of the company and the manufacturing factory are cracked in order via the cloud ...

There is a possibility that the operation of the factory will be stopped illegally.

It is also possible that retail stores will be damaged.

By sending malicious packets from unexpected intrusion routes such as smart thermometers installed on the wall ...

The receipt printer, which should not be directly connected to the Internet, may stop and the cashier may be confused.

In addition, if a hacker operates a network switch via the in-store system, the local network may be disconnected.

In order to prevent damage caused by 'AMNESIA: 33', Forescout 'identifies risks', 'configures the system with an internal DNS server', 'blocks

IPv6 if possible', 'reduces risks by segmentation ', 'patches', and 'suspicious packets'. We strongly recommended the six measures of 'monitoring'.

According to Forescout, it is estimated that more than 150 manufacturers are using libraries that include 'AMNESIA: 33', including Canon group companies NT-Ware , Siemens , Genetec , devolo, and Microchip. It is said to be included.

In addition, according to overseas media ZDNet, products that are thought to be affected include smartphones, game consoles, printers, routers, network switches, IP cameras , self-checkouts, uninterruptible power supplies, and so on.

“Component vulnerabilities have been a long- standing challenge in the IoT industry, especially with supply chain transparency,” said Brad Ree, chief technology officer of the ioXt Alliance , an IoT technology standards body. This kind of problem with such companies can be a long-standing problem, and sometimes consumers are left behind due to the manufacturer's closure or business transformation. ' did.