A Legion Of Bugs Puts Hundreds Of Millions Of IoT Devices At Risk

By   ISBuzz Team
Writer , Information Security Buzz | Jun 17, 2020 02:58 am PST

It has been reported that Israeli security firm JSOF revealed today a collection of vulnerabilities it’s calling Ripple20, a total of 19 hackable bugs it has identified in code sold by a little known Ohio-based software company called Treck, a provider of software used in internet-of-things devices.

JSOF’s researchers found that one bug-ridden part of Treck’s code, built to handle the ubiquitous TCP-IP protocol that connects devices to networks and the internet, in the devices of more than 10 different manufacturers—from HP and Intel to Rockwell Automation, Caterpillar, and Schneider Electric—and likely dozens more, JSOF believes. The result, the researchers say, is the better part of a billion hackable devices in the wild that have likely been vulnerable for years, and will need to be patched to protect them from a broad array of attacks.