New IoT Device Vulnerabilities Pose Significant Risks
Researchers working with enterprise security company Forescout Technologies discovered and published research on a number of vulnerabilities affecting Internet of Things devices in mid-April 2021. The vulnerabilities have been given the unifying name "Name:Wreck".
"Name:Wreck" refers to a group of IoT device vulnerabilities that allow bad actors to either take Internet-connected devices offline or take remote control over them.
The pool of issues includes nine separate but similar vulnerabilities. They all involve four TCP/IP stacks and relate to how DNS is implemented on the affected devices. Exploits that make use of the Name:Wreck vulnerabilities include both denial of service and, perhaps more significantly, remote code execution, which opens the door for bad actors to do a lot of harm.
Forescout's research shows that over 100 million IoT devices are affected by the Name:Wreck pool of vulnerabilities.
Larger Networks at Risk
Patches have been released for the vulnerabilities comprising Name:Wreck, but the issue here is not so much the availability of fixes as how they are implemented and deployed, especially when it comes to IoT devices. Internet of Things devices are notoriously behind on firmware and software updates, both because it may sometimes be impossible to update them and because many companies and private users never bother to update a piece of hardware once it has been hooked up and installed.
The remote code execution possibilities of Name:Wreck vulnerabilities mean that bad actors may establish a persistent foothold on the affected network and use the infected IoT devices to move "laterally" across the network, as Daniel dos Santos, research manager with Forescout, explained when interviewed by ZDNet.
Some of the dangerous possible scenarios include accessing patient medical data from healthcare devices as well as stealing confidential or otherwise sensitive company information, assuming the threat actors use the IoT devices as a stepping stone to expand into the wider company network.
The fastest solution to the issue is patching all devices affected by Name:Wreck as quickly as possible, but this can be a significant undertaking and can take time. Forescout further recommends that companies do their best to monitor network traffic and segment networks as efficiently as possible to minimize the risk of large-scale exposure and infiltration.