Security researchers today disclosed 19 bugs affecting hundreds of millions of Internet of Things (IoT) devices. The “Ripple20” vulnerabilities, four of which are critical, exist in a low-level TCP/IP software library used by many manufacturers to connect their devices to the Internet.
Researchers with Israeli cybersecurity consultancy JSOF began researching this library, built by a software company called Treck, in September 2019. It piqued the team’s interest because they predicted it would be used in several types of connected devices, explains CEO and researcher Shlomi Oberman. Investigation revealed several serious flaws in all types of connected devices.