India's largest platform for AI & Analytics leaders, professionals & aspirants

Sign in

India's largest platform for AI & Analytics leaders, professionals & aspirants

3AI Digital Library

IoT devices at risk from Amnesia:33

December 17, 2020

 

A new series of vulnerabilities dubbed Amnesia:33 puts millions of IoT devices at risk of being compromised.

Security researchers from Forescout disclosed the 33 vulnerabilities today. The flaws are found in four open-source TCP/IP libraries used in the firmware of products from over 150 vendors.

According to the researchers’ estimates, millions of consumer and enterprise IoT devices are at risk from Amnesia:33 vulnerabilities.

The affected libraries are uIP, FNET, picoTCP, and Nut/Net. Manufacturers have used these libraries for decades to add TCP/IP support to their products.

Here are the number of vulnerabilities discovered in each library:

  • uIP – 13
  • picoTCP – 10
  • FNET – 5
  • Nut/Nut – 5

uIP, the most vulnerable library, was also found to be used in the highest number of vendors.

Forescout also analysed the following libraries but did not find any vulnerabilities: lwIP, CycloneTCP, and uC/TCP-IP. 

Due to the prevalence of these libraries, just about every type of connected hardware is impacted by Amnesia:33—from SoCs to smart plugs, from IP cameras to servers.

Unlike the previously disclosed Ripple20 vulnerabilities, Amnesia:33 primarily affects the DNS, TCP, and IPv4/IPv6 sub-stacks.

Ripple20 and Amnesia:33 vulnerabilities both predominately consist of Out-of-Bounds Read, followed by Integer Overflow.

IoT devices (46%) represent the highest number of affected device types, according to Forescout’s research. This is followed by OT/BAS and OT/ICS at 19 percent, and then IT at 16 percent.

    3AI Trending Articles

  • Way to make object-recognition models perform better

    Adding a module that mimics part of the brain can prevent common errors made by computer vision models. Computer vision models known as convolutional neural networks can be trained to recognize objects nearly as accurately as humans do. However, these models have one significant flaw: Very small changes to an image, which would be nearly […]

  • Blockchain-Based Stock Exchange in Japan by 2022

    The exchange reportedly planned by SBI and SMFG is expected to be the first of its kind in Japan. SBI Holdings has reportedly partnered with Sumitomo Mitsui Financial Group (SMFG) to launch a digital stock exchange slated for spring 2022. SBI and SMFG are expected to launch the platform in Osaka to compete against the […]

  • Application of Reinforcement Learning in Supply Chain

    Author: Anindya Bera, Senior Manager – Anaytics, Genpact A supply chain is a complex network of individuals and agents who exchange materials or information in a business ecosystem. The items which are used on day-to-day basis are created by a global collaboration between suppliers, manufacturers, and logistics carriers. What makes this complex? It is the […]

  • Which Startup Ecosystem Attracted Higher Investments in 2020? – Bangalore or Delhi NCR

    Bengaluru continues to be ahead of Delhi NCR in terms of total funding raised by startups located in these cities The pandemic saw funding across the top startup hubs like Delhi NCR and Bengaluru drying up But both cities gave the country a steady influx of unicorns in 2020, keeping the interest of investors alive […]