India's largest platform for AI & Analytics leaders, professionals & aspirants

Sign in

India's largest platform for AI & Analytics leaders, professionals & aspirants

3AI Digital Library

IoT devices at risk from Amnesia:33

December 17, 2020

 

A new series of vulnerabilities dubbed Amnesia:33 puts millions of IoT devices at risk of being compromised.

Security researchers from Forescout disclosed the 33 vulnerabilities today. The flaws are found in four open-source TCP/IP libraries used in the firmware of products from over 150 vendors.

According to the researchers’ estimates, millions of consumer and enterprise IoT devices are at risk from Amnesia:33 vulnerabilities.

The affected libraries are uIP, FNET, picoTCP, and Nut/Net. Manufacturers have used these libraries for decades to add TCP/IP support to their products.

Here are the number of vulnerabilities discovered in each library:

  • uIP – 13
  • picoTCP – 10
  • FNET – 5
  • Nut/Nut – 5

uIP, the most vulnerable library, was also found to be used in the highest number of vendors.

Forescout also analysed the following libraries but did not find any vulnerabilities: lwIP, CycloneTCP, and uC/TCP-IP. 

Due to the prevalence of these libraries, just about every type of connected hardware is impacted by Amnesia:33—from SoCs to smart plugs, from IP cameras to servers.

Unlike the previously disclosed Ripple20 vulnerabilities, Amnesia:33 primarily affects the DNS, TCP, and IPv4/IPv6 sub-stacks.

Ripple20 and Amnesia:33 vulnerabilities both predominately consist of Out-of-Bounds Read, followed by Integer Overflow.

IoT devices (46%) represent the highest number of affected device types, according to Forescout’s research. This is followed by OT/BAS and OT/ICS at 19 percent, and then IT at 16 percent.

    3AI Trending Articles

  • Online learning will pave the way for a digital future

    Online learning has emerged as a critical tool that promises the potential to prepare business and professionals for a digital future. While skilling has become a hot trend in the current job climate, professionals should know that simply having basic digital skills won’t cut it because disruptive digital skills are now a necessity, not a […]

  • IIT Delhi Offers Free Online Course on AI

    IIT Delhi is offering a free online 12-week programme on Artificial Intelligence with a certificate on completion. Indian Institute of Technology (IIT) Delhi is inviting registrations from those who would like to enrol for a 12-week long free online course on Artificial Intelligence. This programme will be offered on the National Programme on Technology Enhanced […]

  • Mirae Asset Launches $35 Mn Early Stage Fund For India

    The Mirae Asset Venture Opportunities Fund will have an average ticket size of $2 Mn – $4 Mn The early stage fund will back up the Mirae Asset-Naver Asia Growth Fund, which was launched in 2018 Besides its new early stage fund, Mirae Asset has invested in Ola, Bigbasket, Zomato, Shadowfax and other Indian startups […]

  • Cloud Industry Trends for year 2021

    Dell Technologies shares top three cloud industry trends for the year 2021 The year 2020 has indeed been a year of transformation for everyone around the world. Businesses were forced to adapt to remote working models overnight. Earlier users ran their programs and applications from a server or a physical computer, however, now the same […]