
Over 100m Internet-connected devices at risk, CSA urges firms to patch systems


SINGAPORE – Singapore’s cyber security watchdog has issued an alert following the discovery of new vulnerabilities in over 100 million Internet-connected devices ranging from medical equipment and wearable fitness products to critical industrial control systems in the energy and power sectors.

Sounding the alarm on Thursday (April 15), the Cyber Security Agency of Singapore’s Singapore Computer Emergency Response Team (SingCert) said: “Administrators of the affected stacks are advised to apply the patch immediately.”

Security patches have already been rolled out to address the vulnerabilities, which allow cyber crooks to gain control of devices and computer systems and take them offline.

Organisations in the healthcare and government sectors are the most affected, said many security researchers. Other sectors implicated include entertainment, retail, manufacturing, financial services and technology.

The bugs affect the Domain Name System (DNS). The DNS is like a phonebook that matches domain names, such as those in website URLs, to Internet Protocol (IP) addresses, which are strings of numbers that identify devices on the Internet.

Cyber-security firm Forescout Research Labs said that the vulnerabilities are collectively called Name:Wreck and affect four popular sets of rules that govern how devices can “talk” to each other over a network like the Internet.

Forescout said not all devices running the affected stacks are vulnerable but it conservatively estimated that if 1 per cent of the more than 10 billion deployments are, then at least 100 million devices are at risk.

Potentially affected equipment and devices include:

– high-performance servers and network appliances in millions of IT networks

– ultrasound machines, defibrillators, smartphones, storage systems and critical systems for avionics

– wearable fitness products, mobile phones, patient monitors, printers, smart clocks, and energy and power equipment in industrial control systems

– unmanned combat aircraft, commercial aircraft, self-driving cars, space exploration rovers, critical medical equipment such as that used for magnetic resonance imaging, and industrial manufacturing robots.

European countries, Canada, the United States and Japan are believed to be the most affected as they have the largest installations of this equipment.

It is not clear how many devices in Singapore are affected.

Eindhoven University of Technology security professor Sandro Etalle told The Financial Times that “Name:Wreck is a significant and widespread set of vulnerabilities with the potential for large-scale disruption”.

Forescout told Computer Weekly that “unless urgent action is taken to adequately protect networks and the devices connected to them, it could be just a matter of time until these vulnerabilities are exploited, potentially resulting in major government data hacks, manufacturer disruption or hotel guest safety and security”.

The security firm said one way a cyber criminal could exploit Name:Wreck is to compromise ultrasound machines that connect to a website to get firmware updates.

The crook could use the Name:Wreck bug to redirect the ultrasound machines to a site under his control, where they would download malicious fake firmware instead of the genuine update.

The infected ultrasound machines could then be instructed by the malware to upload all medical records to the crook.

“Complete protection against Name:Wreck requires patching devices running the vulnerable versions of the…stacks,” Forescout told Computer Weekly.

Although security patches have been rolled out, Forescout said patching can be difficult in some cases.

For instance, if affected devices are not managed centrally, it means each one has to be manually patched. Some devices also cannot be taken offline for this because of their mission-critical nature, such as medical devices and industrial control systems.

If patching is not available, SingCert advised administrators to enforce segmentation controls and proper network hygiene measures such as restricting external communication paths and isolating vulnerable devices.

They should also monitor patch releases, monitor all network traffic for malicious data, and configure devices to rely on internal DNS servers.
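
One way to check the "rely on internal DNS servers" advice against network flow records is sketched below. This is an added example, not code from SingCert or Forescout; the resolver addresses, internal range, record format and sample flows are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed for illustration: the approved internal resolvers and internal range.
INTERNAL_RESOLVERS = {ipaddress.ip_address("10.0.0.53"),
                      ipaddress.ip_address("10.0.1.53")}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample flow records, one per line: "src dst proto dport".
SAMPLE_FLOWS = """\
10.20.1.15 10.0.0.53 udp 53
10.20.1.15 203.0.113.7 udp 53
10.20.1.16 10.0.1.53 tcp 53
10.20.1.17 198.51.100.9 tcp 53
10.20.1.17 198.51.100.9 udp 53
10.20.1.18 10.0.0.80 tcp 443
10.20.1.19 10.30.0.5 udp 53
malformed line
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def find_dns_violations(flow_text):
    """Map each device to the DNS destinations it used that are not approved."""
    violations = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip records that do not match the assumed format
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            dport = int(fields[3])
        except ValueError:
            continue
        if fields[2].lower() not in ("udp", "tcp") or dport != 53:
            continue  # only DNS over UDP or TCP port 53 is of interest
        if not is_internal(src) or src in INTERNAL_RESOLVERS:
            continue  # the resolvers themselves may forward queries upstream
        if dst not in INTERNAL_RESOLVERS:
            kind = "internal-unapproved" if is_internal(dst) else "external"
            violations[str(src)].add((str(dst), kind))
    return {dev: sorted(dsts) for dev, dsts in violations.items()}

if __name__ == "__main__":
    for device, dests in sorted(find_dns_violations(SAMPLE_FLOWS).items()):
        print(device, dests)
```

Devices that appear in the output are candidates for reconfiguration to the internal resolvers, or for a segmentation rule that blocks their outbound DNS.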

Organisations can find out if they are vulnerable by referring to resources Forescout provided at these sites:

https://github.com/Forescout/project-memoria-detector

https://github.com/Forescout/namewreck




