Sternum Blocks Exploitation of Multiple Critical Ripple20 Vulnerabilities
July 2020 by Marc Jacob
Sternum, the multilayered cybersecurity company providing real-time embedded protection and visibility for IoT devices, successfully blocked the exploitation of multiple critical Ripple20 vulnerabilities. With Sternum’s Embedded Integrity Verification (EIV) embedded into firmware containing the vulnerable TCP/IP stack, EIV automatically blocked the attempts to exploit the vulnerabilities and reported them in real time.
Sternum’s announcement follows JSOF’s recent discovery of the Ripple20 zero-day vulnerabilities used in an embedded low-level TCP/IP library developed by software company Treck, Inc. The vulnerabilities affect hundreds of millions of critical IoT devices across numerous sectors, including healthcare, energy, smart homes, and more.
Sternum’s research team reconfirmed JSOF’s findings and successfully exploited some of the critical vulnerabilities on a device. Then, the team installed EIV onto the same device and executed the previous attack. With Sternum’s EIV already embedded, the attempted exploitation was prevented, and the team was alerted in real time of the attempt. The EIV alert included information leading to the exact vulnerable code, enabling the team to quickly patch the vulnerabilities as well as investigate the characteristics of the attempted attack.
The blocked Ripple20 critical vulnerabilities have a common vulnerabilities and exposures (CVE) score higher than 8, with 10 being the most severe. If exploited properly, these vulnerabilities allow for remote code execution by hackers, enabling them to take complete control of affected IoT devices. Risks of successful exploitation include hackers taking control of remote infusion pumps, stealing sensitive protected health information (PHI) from patients, altering the behavior of industrial control devices, penetrating other sensitive IoT devices in the same network, and more.
Numerous companies and their IoT devices have been confirmed as vulnerable in light of the Ripple20 discovery. These vendors were vulnerable because they used Treck’s TCP/IP library as a third-party component. Organizations at risk include a Fortune 500 healthcare company whose affected infusion pump could lead to larger attacks on the hospital network; a multinational technology conglomerate whose affected routers and switches could lead to denial-of-service (DoS) attacks on networks; a major computer provider in which attacks on its infected printer product line could lead to further attacks on connected enterprises; and an international electric company in which attacks on its affected products might lead to damage to industrial equipment.
Sternum’s EIV is proactive, integrity-based attack prevention embedded automatically into an IoT device’s firmware, including closed-source code, commercial operating systems, and third-party libraries. The solution prevents exploitations of potential IoT device vulnerabilities in real time, preventing all known, unknown, and advanced attacks the moment they strike and before any lasting damage is done to a device or its connected network. EIV can be deployed in any IoT device, including distributed and unmanaged IoT devices that are low on resources.
Sternum works with numerous clients across multiple industries, including medical, Industry 4.0, smart energy, smart cities and more. Sternum has partnered with Telit, the global leader in IoT enablement, and Sternum’s solutions will be built into Telit’s xE910 module family to give Telit’s customers in-depth visibility and security for their entire device fleet.