When it comes to catching cyber vulnerabilities, this study has some stunning 20/20 vision.
New research from Israeli security firm JSOF, published under the name Ripple20, recently found vulnerabilities in millions of critical Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices across a range of fields and industries.
According to the researchers, these vulnerabilities affect hundreds of millions of devices (or more) and include multiple remote code execution (RCE) attack vectors.
The risk is high, and the research reveals examples of potential consequences:
"Data could be stolen off of a printer, an infusion pump behavior changed, or industrial control devices could be made to malfunction. An attacker could hide malicious code within embedded devices for years. One of the vulnerabilities could enable entry from outside into the network boundaries; and this is only a small taste of the potential risks."
From a personal printer to smart manufacturing to the power industry, Ripple20 poses a serious risk. This is particularly true when it comes to supply chain security.
"Ripple20 reached critical IoT devices from a wide range of fields, involving a diverse group of vendors. Affected vendors range from one-person boutique shops to Fortune 500 multinational corporations, including HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar, Baxter, as well as many other major international vendors suspected of being vulnerable in medical, transportation, industrial control, enterprise, energy (oil/gas), telecom, retail and commerce, and other industries."
How did the Ripple20 vulnerabilities become so widespread? The reason comes down to a single third-party software library (Treck's embedded TCP/IP stack) that many vendors built into their own products, and it explains how "Ripple" became part of Ripple20's name:
"The interesting thing about Ripple20 is the incredible extent of its impact, magnified by the supply chain factor. The wide-spread dissemination of the software library (and its internal vulnerabilities) was a natural consequence of the supply chain 'ripple-effect.' A single vulnerable component, though it may be relatively small in and of itself, can ripple outward to impact a wide range of industries, applications, companies, and people."
Here is a list of risks the researchers say are associated with these vulnerabilities:
For an overview of supply chain security, watch the recent SecureWorld web conference, Introduction to Supply Chain Security, which is available on-demand.