With the growing statistics and people being reliant on technology and devices connected through the internet, a new dreaded threat has been released for awareness of the public. Consist of 19 zero-day attack vulnerabilities for low-level TCP/IP software library that has been used to millions of devices manufactured, the report was collaboratively named ‘Ripple20’.
Exploiting these unraveled vulnerabilities can affect massively different sectors such as Home and retail Devices, Medical equipment, industrial machinery, power grids, networking apparatus, enterprise, transportation industry, aviation, oil, and gas rigging company, government security agencies, and other IoT devices. The effect can include data exfiltration and malfunctioning of devices and worst a distributed denial of service (DDoS), which will result in a halt on the manufacturing and servicing industry and leak of confidential information that can lead to significant money loss or national dispute.
Tracing the origin of these vulnerabilities confirmed that this has been ongoing in the past 20 years, and still, manufacturers and developers failed to address. This results from the low-leveled security imposed by Treck Inc and Elmic Systems that monopolized the distribution of the hardware and software that needs to create such devices. Though the partnership did not last long, their legacy still lives on the past and current devices released even today. They continue to supply a part of the million devices invented to suffice the need for comfortability and ease of access to people, which is the small window for many threat actors to exploit and spread their malicious activity.
This vulnerability existed although the IoT hardware is engineered to endure for many years because it was poorly written and insecure.
Manufacturers failed to address the vital part of the production, which is security. Imposing the high security of their product will mean a significant loss of money to the company for investment and will entirely revolutionize the whole product output. If the manufacturer of these small parts of the device will impose a high-level security software, it will result in incompatibility to other hardware and software to create the desired product. Thus, this has deliberately been ignored and just went to mass production wherein the product will be stable, and the company will continue to be profitable.
Ripple, as it named, once a single vulnerability has been exploited, its effect could be a massive disaster as millions of IoT devices are embedded with this little device. The lack of knowledge of imposing high security to created technology is the same as risking the possibility of being attacked by many adversaries that will also mean a loss for everybody. With numerous cybercriminals revolutionizing their approach to spread their misdeeds, manufacturers should not even rely on just stability but also emphasize on security as this is now becoming a basic necessity and requirement for all.
