At least 100 million IoT devices are prone to Denial of Service or Remote Code Execution attacks, which allow attackers to take devices offline or take control of them, according to a new report from Forescout Research Labs.
The cybersecurity software provider, which specializes in securing the Internet of Things (IoT), said in its report that there are nine Domain Name System (DNS) vulnerabilities affecting four popular TCP/IP stacks: FreeBSD, Nucleus NET, IPnet and NetX. The vulnerabilities are being called NAME:WRECK.
According to Forescout, those stacks include popular open-source projects and IoT/IT firmware.
“The widespread use of these stacks and often external exposure of vulnerable DNS clients lead to a dramatically increased attack surface,” the company said in a blog. “This research is further indication that the community should fix DNS problems that we believe are more widespread than what we currently know.”
The healthcare and government sectors are especially vulnerable as the stacks are used in things like ultrasound machines, avionics, building automation, VoIP, medical devices, printers, computers, networking equipment and energy and power infrastructure.
Forescout said it conservatively estimates that 1% of the more than 10 billion deployments of those stacks are vulnerable, so at least 100 million devices are impacted by NAME:WRECK.
To completely protect against these vulnerabilities, organizations should patch devices running the vulnerable versions of the IP stacks. All four have recently been patched, and device vendors using the software should provide their own updates to customers, the company said.
However, patching these devices can be difficult depending on whether the device is a standard IT server or an IoT device.
Other mitigations, aside from patching, include using an open-source script to detect devices running the affected stacks, enforcing segmentation controls and network hygiene, monitoring progressive patches released by device vendors, configuring devices to rely on internal DNS servers and monitoring all network traffic for exploitation attempts.
For a complete list of the vulnerabilities, read Forescout’s report.