India's largest platform and marketplace for AI & Analytics leaders & professionals

Sign in

India's largest platform and marketplace for AI & Analytics leaders & professionals

3AI Digital Library

IoT devices at risk from Amnesia:33

3AI December 17, 2020

 

A new series of vulnerabilities dubbed Amnesia:33 puts millions of IoT devices at risk of being compromised.

Security researchers from Forescout disclosed the 33 vulnerabilities today. The flaws are found in four open-source TCP/IP libraries used in the firmware of products from over 150 vendors.

According to the researchers’ estimates, millions of consumer and enterprise IoT devices are at risk from Amnesia:33 vulnerabilities.

The affected libraries are uIP, FNET, picoTCP, and Nut/Net. Manufacturers have used these libraries for decades to add TCP/IP support to their products.

Here are the number of vulnerabilities discovered in each library:

  • uIP – 13
  • picoTCP – 10
  • FNET – 5
  • Nut/Nut – 5

uIP, the most vulnerable library, was also found to be used in the highest number of vendors.

Forescout also analysed the following libraries but did not find any vulnerabilities: lwIP, CycloneTCP, and uC/TCP-IP. 

Due to the prevalence of these libraries, just about every type of connected hardware is impacted by Amnesia:33—from SoCs to smart plugs, from IP cameras to servers.

Unlike the previously disclosed Ripple20 vulnerabilities, Amnesia:33 primarily affects the DNS, TCP, and IPv4/IPv6 sub-stacks.

Ripple20 and Amnesia:33 vulnerabilities both predominately consist of Out-of-Bounds Read, followed by Integer Overflow.

IoT devices (46%) represent the highest number of affected device types, according to Forescout’s research. This is followed by OT/BAS and OT/ICS at 19 percent, and then IT at 16 percent.

    3AI Trending Articles

  • Cross-Validation techniques to assess your model’s stability

    Featured Article: Author:  Sai Nikhilesh Kasturi, Data Science & Analytics, Customer Insights & Analysis, American Airlines One of the foremost interesting and challenging things about data science hackathons in Kaggle is struggling to maintain the same ranks on both public and private leader boards. I also have been a victim in struggling to keep the […]

  • Application of Reinforcement Learning in Supply Chain

    Author: Anindya Bera, Senior Manager – Anaytics, Genpact A supply chain is a complex network of individuals and agents who exchange materials or information in a business ecosystem. The items which are used on day-to-day basis are created by a global collaboration between suppliers, manufacturers, and logistics carriers. What makes this complex? It is the […]

  • Unleashing the CX Potential: GenAI Revolution

    Featured Article Author: Sudha Bhat In today’s competitive landscape, the demand for outstanding customer experience (CX) has surged, particularly with the advent of Generative AI (GenAI). This new era transcends traditional personalized interactions, paving the way for hyper-customized, real-time experiences that are fundamentally driven by AI technology.  Recent studies suggest that 80% of businesses that […]

  • Driving AI Adoption: An 8-Step Blueprint for Your Team’s Success

    Featured Article: Author: Ganes Kesari, Innovation Titan A Telecom major was grappling with high customer attrition. The firm was one of the largest Telecom companies in the world and a market leader in Asia. The marketing team’s heuristics-driven approach to customer retention was dated and ineffective. Reviewing the business performance in a weekly huddle, the […]