It has been reported that Israeli security firm JSOF revealed today a collection of vulnerabilities it’s calling Ripple20, a total of 19 hackable bugs it has identified in code sold by a little known Ohio-based software company called Treck, a provider of software used in internet-of-things devices.
JSOF’s researchers found that one bug-ridden part of Treck’s code, built to handle the ubiquitous TCP-IP protocol that connects devices to networks and the internet, in the devices of more than 10 different manufacturers—from HP and Intel to Rockwell Automation, Caterpillar, and Schneider Electric—and likely dozens more, JSOF believes. The result, the researchers say, is the better part of a billion hackable devices in the wild that have likely been vulnerable for years, and will need to be patched to protect them from a broad array of attacks.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.