Massive Vulnerability Found Across 100's of Millions IoT Devices
Recently, JSOF, a boutique cybersecurity organization, discovered a series of vulnerabilities stemming from one small software library that has rippled across the supply chain. These vulnerabilities affect 100's of millions of IoT devices that could potentially allow nefarious actors, including nation-states, to remote take-over of these devices across industries, ranging from telecom, oil/gas, nuclear, medical and many others across critical infrastructure.
According to a press release, the series of zero-day vulnerabilities in a widely used low-level TCP/IP software library is developed by Treck, Inc. These vulnerabilities, given the name Ripple20, affect hundreds of millions of devices (or more), and include multiple remote code execution vulnerabilities.