Vulnerabilities in the communications protocols used by millions of Internet of Things (IoT) and operational technology (OT) devices could let attackers intercept sensitive data and manipulate it.
Cybersecurity researchers at Forescout have detailed nine new vulnerabilities in some TCP/IP stacks, which they dubbed Number Jack.
Internet of Things prone to attack
Project Memoria, an initiative examining vulnerabilities in TCP/IP stacks and how to mitigate them, is part of ongoing research into cybersecurity vulnerabilities.
The latest disclosures all concern a fundamental aspect of TCP communication in embedded devices: Initial Sequence Number (ISN) generation.
ISNs are designed to ensure that every TCP connection between two computers or other internet-connected devices is unique and that third parties cannot interfere with or manipulate the connection, according to Business Insider.
For this to work, ISNs must be generated so that an attacker cannot guess them and use them to manipulate or hijack a connection. This is a fundamental of computer security that was already known back in the 90s.
However, when it comes to the security of IoT devices, the researchers found that this old vulnerability was present: the numbers were not random, which means the pattern of ISNs in these TCP communications could be predicted.
Daniel dos Santos, the research manager at Forescout, said in an interview with ZDNet that this thing has been mostly fixed in Windows and Linux. However, when you look into the IoT world, this thing is happening once more.
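The contrast described above between predictable and unpredictable ISNs, as an added example that is not from the article or from Forescout's script: a check that classifies ISNs observed on successive connections, run over a constructed fixed-step counter and over a keyed generator in the shape of RFC 6528. The function names, addresses, secret and the 2^16 window are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

def weak_isns(n, start=0xFFFF0000, step=64000):
    """Constructed weak stack: ISN is a counter bumped by a fixed step."""
    return [(start + i * step) % MOD for i in range(n)]

def rfc6528_isn(secret, laddr, lport, raddr, rport, now):
    """RFC 6528 shape: ISN = M + F(4-tuple, secret), M a 4-microsecond timer.
    F is HMAC-SHA256 cut to 32 bits (a choice made here; the RFC suggests MD5)."""
    m = int(now * 1_000_000 / 4) % MOD
    msg = f"{laddr}|{lport}|{raddr}|{rport}".encode()
    f = struct.unpack(">I", hmac.new(secret, msg, hashlib.sha256).digest()[:4])[0]
    return (m + f) % MOD

def keyed_isns(n, secret=b"constructed-demo-secret"):
    """Constructed sample: n connections from successive client ports, 10 ms apart."""
    return [rfc6528_isn(secret, "192.0.2.10", 502, "192.0.2.20", 40000 + i,
                        now=1000.0 + i * 0.01) for i in range(n)]

def assess(isns, window=2 ** 16):
    """Classify ISNs seen on successive connections to one device."""
    deltas = [(b - a) % MOD for a, b in zip(isns, isns[1:])]
    if len(deltas) < 2:
        return "too-few-samples"
    if len(set(deltas)) == 1:
        return "constant-increment"   # next ISN follows from the last one
    if max(deltas) - min(deltas) < window:
        return "narrow-increment"     # next ISN falls in a small, searchable range
    return "no-simple-pattern"        # not proof of randomness, only absence of these flaws

if __name__ == "__main__":
    print("weak stack :", assess(weak_isns(20)))
    print("keyed stack:", assess(keyed_isns(20)))
```

A "no-simple-pattern" result only rules out the two flaws tested here; it does not certify that a stack's ISN generator is sound.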
By identifying an existing TCP connection, attackers could close it, essentially causing a denial of service by preventing data from being transferred between devices.
Attackers could also hijack the connection and add their own data to the session, making it possible to intercept unencrypted traffic, add file downloads that serve malware, or use HTTP responses to direct the victim to a dangerous website.
It is also possible for attackers to abuse the TCP connections of embedded devices to bypass authentication protocols, which can give them additional access to other networks.
All of the vulnerabilities found were disclosed to the relevant vendors and maintainers of the affected TCP/IP stacks by October 2020.
Most of the vendors have fixed their systems to protect devices against the vulnerabilities or are in the process of doing so, although the researchers note that one has not responded to the disclosure at all.
Forescout Research Labs
To help defend against attacks, Forescout Research Labs has released an open-source script that can help identify stacks found to have vulnerabilities. The release is part of Project Memoria.
If these vulnerabilities are uncovered on the network, it is recommended that security patches be applied to prevent attackers from taking advantage. It is also suggested that, when OT or IoT devices cannot be patched, the affected products be segmented onto a part of the network that decreases the chances of compromise.
The research as a whole is a reminder that there are security lessons to be learned from IT security, and that they must be applied for safety.
This article is owned by Tech Times
Written by Sieeka Khan