New research by a security firm shows at least 9 vulnerabilities in millions of Internet of Things devices (IoT) that could help criminals take control of them remotely.
Forescout Research Labs, partnering with JSOF Research, disclosed that NAME:WRECK, the set of vulnerabilities was affecting four popular TCP/IP stacks (FreeBSD, Nucleus NET, IPnet and NetX). These vulnerabilities relate to Domain Name System (DNS) implementations, causing either Denial of Service (DoS) or Remote Code Execution (RCE), allowing attackers to take target devices offline or to take control over them.
Forescout said on its official blog that organizations in the Healthcare and Government sectors were in the top three most affected for all three stacks. If it was conservatively estimated that 1 percent of the more than 10 billion deployments discussed above were vulnerable, then an estimated 100 million devices were impacted by NAME:WRECK.
The details of these vulnerabilities have been spelled out in this technical report, and will be presented at Black Hat Asia 2021.
Image credit: Forescout