Tern plc

10/11/2021 | News release | Archived content

What’s Ripple20 and how is it impacting IoT?

The world is more connected than ever, and internet of things (IoT) devices are near-ubiquitous in our daily lives. From your voice assistant to GPS delivery tracking, you interact with IoT personally and professionally on a regular basis.

And you probably assume that each interaction is totally secure. After all, Amazon Alexa can make purchases for you and Google Assistant knows when you'll be on holiday. But a series of 19 security vulnerabilities called Ripple20 could overturn all that consumer confidence. What's Ripple20 and how is it impacting IoT? We'll break it down.

What is Ripple20?

Ripple20 is the name given to the 19 security flaws found by the Israeli cyber-security firm JSOF. These flaws all impact a software library created by Treck Inc. Its software is in millions of devices all over the globe, and it's used across the supply chain, even by big names like Intel, HP and Baxter. When parts of the supply network are hit by cyberattacks, they take down their suppliers and customers with them. So, these vulnerabilities were named Ripple20 because of the ripple effect a single attack would cause.

How does Ripple20 impact IoT?

Any device with Treck Inc software installed is potentially at risk. According to Trend Micro, "Ripple20 is a group of 19 hackable bugs that, if successfully exploited, could allow an attacker to run code arbitrarily on vulnerable devices they can connect to. Hackers can access vulnerable devices through local networks or over the internet and fully take control of them - a critical issue when vulnerable devices include those in power grids, manufacturing plants, and hospitals. One of these bugs is a DNS protocol vulnerability, which can be used by a sophisticated hacker to attack devices that are not connected to the internet. JSOF has outlined other possible attacks, including: using vulnerable devices to target other devices in a network, utilizing [the] vulnerable device to stay hidden [in-network], and broadcasting an attack to take control of all impacted devices in the network simultaneously." So, it's a pretty significant risk to your bottom line.

What can you do?

Ripple20 poses a huge risk to your operation if your devices are affected. But there is hope. Treck Inc has taken steps to address these issues. If you don't have in-house IT support available to install these fixes, talk to an expert partner. You'll need to know which devices are affected. GitHub and Forescout have automated tools to help you do this. But if your organisation is very small, you may only need a manual inventory. If your device is affected, update the firmware via a manufacturer patch or replace it. If you can't afford to replace the devices and they are no longer supported for updates, the very least you can do is take them offline. That reduces the risk somewhat, but it does not eliminate it. And you'll want to decommission and replace those devices as soon as you can. Since 20% of organisations with IoT devices have already experienced a cyberattack, it's not something you should put off for long.