Sternum, a cybersecurity company providing real-time embedded protection and visibility for IoT devices, has successfully blocked the exploitation of multiple critical Ripple20 vulnerabilities. When Sternum’s Embedded Integrity Verification (EIV) was embedded into firmware containing the vulnerable TCP/IP stack, EIV automatically blocked the exploit attempts and reported them in real time.

Sternum’s announcement follows JSOF’s recent discovery of the Ripple20 zero-day vulnerabilities in an embedded low-level TCP/IP library developed by software company Treck, Inc. The vulnerabilities affect hundreds of millions of critical IoT devices across numerous sectors, including healthcare.

Sternum’s research team reconfirmed JSOF’s findings and successfully exploited some of the critical vulnerabilities on a device. Then, the team installed EIV onto the same device and executed the previous attack. With Sternum’s EIV already embedded, the attempted exploitation was prevented, and the team was alerted to the attempt in real time. The EIV alert included information leading to the exact vulnerable code, enabling the team to quickly patch the vulnerabilities as well as investigate the characteristics of the attempted attack.

“The power of on-device cyber security solutions focused on the exploitation of vulnerabilities will enable sustainable protection amidst the IoT revolution,” said Natali Tshuva, CEO and co-founder of Sternum. “Devices will always contain vulnerabilities and trying to patch them all is a losing game. It is essential that IoT device manufacturers embrace solutions that protect devices from exploitation. Vulnerabilities like Ripple20 will continue to be discovered; this is why we are calling for a paradigm shift in IoT cybersecurity, which requires the adoption of innovative, on-device security solutions that protect IoT devices in real time.” 

The blocked Ripple20 critical vulnerabilities have Common Vulnerabilities and Exposures (CVE) severity scores higher than 8, with 10 being the most severe. If exploited successfully, these vulnerabilities allow for remote code execution by hackers, enabling them to take complete control of affected IoT devices. Risks of successful exploitation include hackers taking control of remote infusion pumps, stealing sensitive protected health information from patients, and more.

Numerous companies and their IoT devices have been confirmed as vulnerable in light of the Ripple20 discovery. These vendors were vulnerable because they used Treck’s TCP/IP library as a third-party component. Organizations at risk include a Fortune 500 healthcare company, whose affected infusion pump could lead to larger attacks on the hospital network, and an international electric company, where attacks on its affected products might lead to damage to industrial equipment.

Sternum’s EIV is proactive attack prevention embedded automatically into an IoT device’s firmware, including closed-source code, commercial operating systems, and third-party libraries. The technology prevents exploitation of potential IoT device vulnerabilities in real time, stopping all known, unknown, and advanced attacks the moment they strike and before any lasting damage is done to a device or its connected network. EIV can be deployed in any IoT device, including distributed and unmanaged IoT devices that are low on resources.