A new series of vulnerabilities dubbed Amnesia:33 puts millions of IoT devices at risk of being compromised.
Security researchers from Forescout disclosed the 33 vulnerabilities today. The flaws are found in four open-source TCP/IP libraries used in the firmware of products from over 150 vendors.
According to the researchers’ estimates, millions of consumer and enterprise IoT devices are at risk from Amnesia:33 vulnerabilities.
The affected libraries are uIP, FNET, picoTCP, and Nut/Net. Manufacturers have used these libraries for decades to add TCP/IP support to their products.
Here are the number of vulnerabilities discovered in each library:
uIP, the most vulnerable library, was also found to be used in the highest number of vendors.
Forescout also analysed the following libraries but did not find any vulnerabilities: lwIP, CycloneTCP, and uC/TCP-IP.
Due to the prevalence of these libraries, just about every type of connected hardware is impacted by Amnesia:33—from SoCs to smart plugs, from IP cameras to servers.
Unlike the previously disclosed Ripple20 vulnerabilities, Amnesia:33 primarily affects the DNS, TCP, and IPv4/IPv6 sub-stacks.
Ripple20 and Amnesia:33 vulnerabilities both predominately consist of Out-of-Bounds Read, followed by Integer Overflow.
IoT devices (46%) represent the highest number of affected device types, according to Forescout’s research. This is followed by OT/BAS and OT/ICS at 19 percent, and then IT at 16 percent.
3AI is India’s largest platform for AI & Analytics leaders, professionals & aspirants and a confluence of leading and marquee AI & Analytics leaders, experts, influencers & practitioners on one platform.
3AI platform enables leaders to engage with students and working professionals with 1:1 mentorship for competency augmentation and career enhancement opportunities through guided learning, contextualized interventions, focused knowledge sessions & conclaves, internship & placement assistance in AI & Analytics sphere.
3AI works closely with several academic institutions, enterprises, learning academies, startups, industry consortia to accelerate the growth of AI & Analytics industry and provide comprehensive suite of engage, learn & scale engagements and interventions to our members. 3AI platform have 16000+ active members from students & working professionals community, 500+ AI & Analytics thought leaders & mentors and an active outreach & engagement with 430+ enterprises & 125+ academic institutions.