Serious flaws in a wide range of embedded TCP/IP stacks endanger industrial control devices

Embedded devices, especially those designed for long-lived industrial automation, are known to use a combination of in-house code and third-party code created at a time when software vulnerabilities were not as well understood as they are today. Significant flaws in proprietary components that hardware vendors have used extensively for many years have widespread implications, and patching is not always an option.

This is highlighted by the findings of Forescout Research Labs and JFrog Security Research, which over the past year investigated TCP/IP stacks used in various IoT and other embedded systems. That work identified key flaws affecting millions of devices, described in reports such as Ripple20, NAME:WRECK, NUMBER:JACK and AMNESIA:33.

Their latest report, released today under the name INFRA:HALT, covers 14 critical and high-risk vulnerabilities found in a proprietary TCP/IP stack called NicheStack, which is widely used in operational technology (OT) devices from up to 200 vendors. These devices include programmable logic controllers (PLCs) such as the Siemens S7, which are components of industrial automation and are used in critical infrastructure sectors.

The TCP/IP stack has a huge attack surface

The TCP/IP stack, or Internet Protocol Suite, consists of implementations of common Internet protocols such as DNS, HTTP, FTP, ARP, and ICMP. These allow the operating system and its applications to send and receive data over IP networks. Given the large number of protocols these stacks support and the variety of data and packet formats they process, they expose a critical attack surface that can be exploited without authentication.

Industrial control devices traditionally communicated via serial interfaces, but with each passing year more of them are also equipped with Ethernet interfaces and, implicitly, with a TCP/IP stack that allows communication with regular computers and IT devices. Since many IoT devices these days run Linux, they use the Linux TCP/IP stack, which has been thoroughly scrutinized by security researchers and Linux kernel developers for over 30 years. However, industrial control devices tend to run their own real-time operating system (RTOS), which uses its own TCP/IP stack with inconsistent version control, custom-made changes, and ownership changes. All of this complicates identifying vulnerable products and ultimately patching them.

NicheStack is a TCP/IP stack developed by a company called InterNiche Technologies before 1996 and extended to support new IPv6 technologies in 2003. In 2016, InterNiche Technologies was acquired by another company called HCC Embedded. stack.

Copyright © 2021 IDG Communications, Inc.
