India's largest platform and marketplace for GCCs & AI

Sign in

India's largest platform and marketplace for GCCs & AI
Become a Thought Leader
Become a 3AI Member

Sign in

3AI Digital Library

< Go Back

IoT devices at risk from Amnesia:33

3AI December 17, 2020

 

A new series of vulnerabilities dubbed Amnesia:33 puts millions of IoT devices at risk of being compromised.

Security researchers from Forescout disclosed the 33 vulnerabilities today. The flaws are found in four open-source TCP/IP libraries used in the firmware of products from over 150 vendors.

According to the researchers’ estimates, millions of consumer and enterprise IoT devices are at risk from Amnesia:33 vulnerabilities.

The affected libraries are uIP, FNET, picoTCP, and Nut/Net. Manufacturers have used these libraries for decades to add TCP/IP support to their products.

Here are the number of vulnerabilities discovered in each library:

  • uIP – 13
  • picoTCP – 10
  • FNET – 5
  • Nut/Nut – 5

uIP, the most vulnerable library, was also found to be used in the highest number of vendors.

Forescout also analysed the following libraries but did not find any vulnerabilities: lwIP, CycloneTCP, and uC/TCP-IP. 

Due to the prevalence of these libraries, just about every type of connected hardware is impacted by Amnesia:33—from SoCs to smart plugs, from IP cameras to servers.

Unlike the previously disclosed Ripple20 vulnerabilities, Amnesia:33 primarily affects the DNS, TCP, and IPv4/IPv6 sub-stacks.

Ripple20 and Amnesia:33 vulnerabilities both predominately consist of Out-of-Bounds Read, followed by Integer Overflow.

IoT devices (46%) represent the highest number of affected device types, according to Forescout’s research. This is followed by OT/BAS and OT/ICS at 19 percent, and then IT at 16 percent.

    3AI Trending Articles

  • Major Cybersecurity Incidents of 2020

    From ransomware schemes to supply chain attacks, this year melded classic hacks with extraordinary circumstances. WHAT A WAY to kick off a new decade. 2020 showcased all of the digital risks and cybersecurity woes you’ve come to expect in the modern era, but this year was unique in the ways Covid-19 radically and tragically transformed life around the […]

  • Navigating Data Security Risks in Generative AI: Emerging Challenges and Innovative Solutions

    Featured Article Author: Raghavaiah Avula, Palo Alto Networks IntroductionAs we stand at the cusp of a generative AI revolution, the promise of unprecedented innovation is accompanied by significant data security challenges. This article explores the cutting-edge risks emerging in the generative AI landscape and presents novel solutions that organizations must consider to safeguard their AI […]

  • How Augmented Analytics is Transforming the Analytics Ecosystem

    Author:  Sidharth Sivasailam, Vice President – Products, Course5 Intelligence | LinkedIn – https://www.linkedin.com/in/sidharthsiva/ The world of Business Analytics is at an inflection point. Trillions of bytes of data are being generated every day; however, companies continue to struggle with harmonizing this data, analyzing the data of various shapes and sizes they are storing, determining what’s […]

  • Unleashing the Power of AI in CPG: A Unified Approach for Transformative Growth

    Featured Article Author: Chiranjiv Roy, Course5 Intelligence In the ever-competitive Consumer Packaged Goods (CPG) landscape, where consumer preferences shift like sands and market dynamics evolve relentlessly, brands are in a constant quest for differentiation and growth. The disruptive wave of Artificial Intelligence (AI) offers a beacon of innovation, with models like Gemini, Claude, and GPT-4 […]