A set of nine vulnerabilities are currently exposing roughly 100 million devices worldwide, according to researchers. The vulnerabilities lie in the basic code that dictates how devices communicate with the internet. What cybersecurity researchers are questioning is how to implement changes and effective defenses that will actively combat these types of vulnerabilities and create lasting effects on security. The newly disclosed flaws have been named Name:Wreck, and exist in four different ubiquitous TCP/IP stacks.
TCP/IT stacks integrate network communications protocols, establishing connections between the devices and the internet. They also all relate to how these stacks implement the “Domain Name System” internet phonebook. An attacker leveraging these vulnerabilities would be able to gain control of a device remotely or crash a device to take it offline. These vulnerabilities are particularly concerning as they could both wreak havoc on critical infrastructure, healthcare, or manufacturing, where one offline connected device or server could disrupt a whole system. The vulnerabilities have patches available and were discovered by security firms Forescout and JSOF.
Read More: 100 Million More IoT Devices Are Exposed—and They Won’t Be the Last