Security researchers have found 33 vulnerabilities in open source implementations of the TCP/IP stack. These endanger the device security of around 150 manufacturers. This applies to all devices connected to the Internet and ranges from medical devices to many IoT systems. Here is some information about the vulnerability called Amnesia:33.
What is Amnesia:33?
AMNESIA:33 is a collection of 33 vulnerabilities found by security researchers at Forescout Research Labs in four open source TCP/IP stacks (uIP, PicoTCP, FNET and Nut/Net). These open source TCP/IP stacks are used in millions of devices around the world that are connected to the Internet. In other words, these devices are currently at risk.
The security researchers published a summary on Security Boulevard on December 7, 2020 and in this blog post (which offers little detail and mainly advertises their security training). The Security Boulevard article links to a technical report, but it seems that the report has either not yet been published or has been withdrawn. The details of these vulnerabilities will be presented at Black Hat Europe 2020 (Dec 7-10, 2020). The summary on Security Boulevard states:
- AMNESIA:33 affects seven different components of the stacks (DNS, IPv6, IPv4, TCP, ICMP, LLMNR and mDNS). Two vulnerabilities in AMNESIA:33 affect only 6LoWPAN wireless devices.
- AMNESIA:33 has four categories of potential impact: Remote Code Execution (RCE), Denial of Service (DoS via crash or infinite loop), Infoleak, and DNS cache poisoning. Four of the vulnerabilities allow remote code execution and are considered critical.
Security researchers write that these vulnerabilities can be exploited on networked devices to take full control of a target device (RCE), compromise its functionality (DoS), obtain potentially sensitive information (Infoleak), or inject malicious DNS records to point a device to a domain controlled by the attacker (DNS cache poisoning).
The AMNESIA:33 vulnerabilities were discovered by Forescout Research Labs as part of the Memoria project. This is an initiative that aims to provide the cyber security community with the largest study of TCP/IP stack security.
Devices from at least 150 manufacturers potentially affected
The security researchers write that, depending on how a TCP/IP stack is used, different devices may be affected differently by the vulnerabilities. The experts estimate that more than 150 vendors and millions of devices are probably vulnerable to AMNESIA:33.
The security researchers at Forescout Research Labs have communicated their findings to the coordinating agencies (such as ICS-CERT and CERT/CC), who have contacted the identified vendors. Some vendors have already confirmed the vulnerabilities and issued patches, but some are still investigating.
The widespread nature of these vulnerabilities means that many organizations around the world could be affected by AMNESIA:33. Organizations that fail to mitigate this risk leave doors open for attackers to use IT, OT and IoT devices throughout their organization. In the article here, the security researchers go into the risks in more detail and make suggestions on how users can mitigate the vulnerabilities in the devices. Private users can only install security updates, if available. Companies and organizations have some additional options to reduce risk, such as network segmentation, blocking IPv6 traffic, using internal DNS servers, and monitoring and filtering TCP/IP packets.
Addendum: The security researchers have revealed some more details at the Black Hat conference. Wired has more details here.