Network Security: Ripple 20 Vulnerability Analysis

Originally published June 24, 2020

Announcements came out in June 2020 of a potential vulnerability in embedded products that could allow them to be taken over and turned into bots, called Ripple 20. A good introduction to this issue was recently published by ZDnet with the headline and byline of: 

Ripple20 vulnerabilities will haunt the IoT landscape for years to come

Security researchers disclose 19 vulnerabilities impacting a TCP/IP library found at the base of many IoT products.

 The vulnerabilities were discovered by the cybersecurity experts at JSOF, a group at Hebrew University in Jerusalem. Their article on the vulnerabilities goes into more detail, and is located here: https://www.jsof-tech.com/ripple20/ 

The vulnerabilities are in a network stack library written by a company called Treck that has been widely used since the 90's and could potentially be in any company's products. JSOF provides a Fingerprint Scanning utility that companies can used to evaluate devices on a network. AtlasIED has procured this utility and run it on test system networks in-house in order to check all of our products for this potential vulnerability. JSOF's wording on interpreting the results of the scan is cautious/conservative, saying that a negative results "Indicates that the host might NOT use" the affected network stack software. 

AtlasIED ran the Fingerprint Scanning tests using the version 1.3 (dated 6/22/2020) from JSOF and found not positive results, meaning none of our products seem to have the Ripple 20 Vulnerability. The results of the tests are shown in the attached document. 

 

 

Support Files

Ripple_20_Scan_All_Local_Networks.txt