New IoT Device Vulnerabilities Pose Significant Risks

Researchers working with enterprise security company Forescout Technologies discovered and published research on a number of vulnerabilities affecting Internet of things devices in mid-April 2021. The vulnerabilities have been given the unifying name "Name:Wreck".

"Name:Wreck" refers to a group of IoT device vulnerabilities that allow bad actors to either take Internet-connected devices offline or take remote control over them.

The pool of issues includes nine separate but similar vulnerabilities. They all have to do with four TCP/IP stacks and are related to how DNS is implemented on the affected devices. The exploits making use of the Name:Wreck vulnerabilities include both denial of service and, perhaps more significantly, remote code execution, which opens the doors to bad actors to do a lot of harm.

Forescout's research shows that over 100 million IoT devices are affected by the Name:Wreck pool of vulnerabilities.

Larger Networks at Risk

The vulnerabilities comprising Name:Wreck have had patches released for them, but the issue here is not so much the availability of fixes, but how those are implemented and deployed, especially when it comes to IoT devices. Internet of things devices are notoriously behind when it comes to firmware and software updates, both because sometimes it may be impossible to update them and because a lot of companies and private users never bother to update a piece of hardware once it has been hooked up and installed.

The remote code execution possibilities of Name:Wreck vulnerabilities mean that bad actors may establish a persistent foothold on the affected network and use the infected IoT devices to move "laterally" across the network, as Daniel dos Santos, research manager with Forescout explained when interviewed by ZDNet.

Some of the dangerous possible scenarios include accessing patient medical data from healthcare devices as well as stealing confidential or otherwise sensitive company information, assuming the threat actors use the IoT devices as a stepping stone to expand into the wider company network.

The fastest solution to the issue is patching all devices affected by Name:Wreck as quickly as possible, but this can be a significant undertaking and can take time. Forescout further recommends that companies should do their best to monitor network traffic and segmenting networks as efficiently as possible to minimize the risk of large-scale exposure and infiltration.

By Zaib
April 13, 2021
Computer Security
English
April 13, 2021
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Computer Security

No, 9999 Is Not a Good Password, Even for a Simple IoT Device

It seems that even after years of training and being bombarded with security tips and information, we are still not in the right mindset when it comes to cyber security. The latest, thankfully minor incident that made... Read more

November 4, 2020
How To

How to Lock Your Windows 10 Device Remotely

Windows 10 features a long list of security measures, like a native anti-virus, app, anti-ransomware software, and, of course, the firewall. It also includes "Find my device," which is a tool that lets you locate and... Read more

November 5, 2019
How To

'No Audio Output Device is Installed' Fix

Booting up your PC to listen to some music while you do housework and finding out there is no sound coming from your speakers is not a pleasant experience. The issue manifests itself most commonly through the "No... Read more

December 21, 2020
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.