TCP/IP stack vulnerabilities threaten IoT devices

A set of vulnerabilities in TCP/IP stacks used by FreeBSD and three common real-time operating systems designed for the IoT was revealed this week by security vendor Forescout and JSOF Research. The nine vulnerabilities could potentially like 100 million devices in the wild.

Nucleus NET IPNet and NetX are the other operating systems likeed by the vulnerabilities which a articulation report issued by Forescout and JSOF dubbed Name:Wreck.

In a report on the vulnerabilities Forescout writes that TCP/IP stacks are specially assailable for separate reasons including widespread use the fact that many such stacks were created a long time ago and the fact that they make an winning attack surface thanks to unauthenticated functionality and protocols that ill-tempered network perimeters.

The Domain Name System suffers from much the same issues which are exploitable in the case of the Name:Wreck vulnerabilities.

’DNS is a intricate protocol that tends to furnish assailable implementations and these vulnerabilities can frequently be leveraged by outer attackers to take control of millions of devices simultaneously’ the report said.