Guarding IoT Security with Venustech for Ripple20 Vulnerabilities Breach

Release time: 2020-06-22

The Israeli cybersecurity company JSOF has disclosed the "Ripple20" vulnerabilities in the Treck TCP/IP stack, which will sweep the global Internet of Things and the industrial Internet and will greatly affect critical infrastructure security. Hundreds of millions (or more) of Internet of Things (IoT) devices worldwide are exposed to remotely triggered attacks.




"Ripple20" comprises a total of 19 vulnerabilities. All of them are caused by processing errors in the Treck protocol stack when data packets are sent over the network using different protocols (including IPv4, ICMPv4, IPv6, IPv6OverIPv4, etc.), resulting in memory corruption.


Two vulnerabilities were rated 10 under the Common Vulnerability Scoring System (CVSS), and two others were rated 9 or higher. The rest vary in severity, with CVSS scores ranging from 3.1 to 8.2. Exploitation can lead to arbitrary remote code execution or denial of service.


Treck has released a patch for OEMs to use the latest Treck stack version (6.0.1.67 or higher). The JSOF analyst said: "Although the best way is to install the original Treck patch, in many cases the original patch cannot be installed."


How to protect yourself immediately? Venustech will assist you through Venusense IoT-VBox.


Venustech Group analyzed the security incident and launched its emergency response promptly. At present, Venusense IoT-VBox (Internet of Things Security Access Protection System) is the first product in China to have the fingerprints of all Treck devices affected by the Ripple20 vulnerabilities. Based on its "3+1" capability, it reveals all IoT devices in the network that carry hidden security risks, providing three-dimensional protection of IoT assets against "Ripple20" threats.


Venustech Solution


Many IoT devices, including industrial control equipment, are difficult to upgrade. Following the professional advice given by ICS-CERT in the United States, Venusense IoT-VBox provides comprehensive technical responses and tools based on its "3+1" capability (three major security functions plus one global visualization) to achieve three-dimensional protection and help customers overcome the crisis quickly.

 

◆ Rapid Identification of Ripple Risk Assets


Patch recommendations given by the US ICS-CERT: discover and create a list of affected devices to identify the attack surface, implement mitigation controls, and determine the priority of patch updates.


The Venusense IoT-VBox emergency response upgrade package for "Ripple20" includes fingerprint identification and protection function upgrade packages, which can inventory IoT assets and quickly identify the affected ones.

 

Figure: Affected Vendor List


Through its rapid emergency response, Venusense IoT-VBox gained a fingerprint identification engine and an abnormal behavior signature package for products affected by "Ripple20". These can quickly uncover affected IoT assets and respond to them, and they were quickly turned into a product release. At present, it is also one of the first Chinese security products to identify the impact of Ripple.


Figure: Fast Response for “Ripple20” Detection


The affected equipment from the listed manufacturers includes household and enterprise-level commercial equipment, covering many fields and industries. Venusense IoT-VBox has a formidable fingerprint identification engine for IoT and industrial control equipment, and all manufacturers on the list can be identified. This relies on the team's rapid response in developing the additional "Ripple20" fingerprints.

 

Figure: New Affected Assets Distribution of “Ripple20”

 

◆ Stereoscopic Protection for “Ripple20”


Remediation recommendations from the US ICS-CERT: segment vulnerable devices, and isolate and control their network access to reduce risk.


Venusense IoT-VBox can provide all-round protection for IoT devices that cannot be upgraded in a short time. In the asset dimension, the affected assets can be temporarily approved and isolated. In the network dimension, IoT-VBox can automatically learn the connection relationships of IoT assets to form a baseline, generate on-demand on/off rules, and reduce the attack surface. In the behavioral dimension, IoT-VBox can automatically learn the behavior of IoT assets to form a behavior baseline, and at the same time add a custom matching engine based on Ripple20's abnormal behavior. Once an attack occurs, it can be blocked immediately.
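The network-dimension idea above (learn which connections an asset normally has, then allow only those) can be sketched as follows. This is an added example, not Venustech's implementation: the flow records, addresses, the `AFFECTED` set and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records (src, dst, protocol, dst_port) using documentation
# address ranges; this is sample data, not real telemetry.
LEARNING_WINDOW = [
    ("192.0.2.10", "192.0.2.50", "tcp", 502),
    ("192.0.2.10", "192.0.2.50", "tcp", 502),
    ("192.0.2.11", "192.0.2.60", "udp", 161),
    ("192.0.2.10", "192.0.2.53", "udp", 53),
]
# Hypothetical inventory result: assets fingerprinted as running an
# unpatched Treck stack. 192.0.2.70 was never seen during learning.
AFFECTED = {"192.0.2.50", "192.0.2.60", "192.0.2.70"}

def learn_baseline(flows, min_seen=1):
    """Return the set of flow tuples observed at least min_seen times."""
    counts = defaultdict(int)
    for flow in flows:
        counts[flow] += 1
    return {flow for flow, n in counts.items() if n >= min_seen}

def allow_rules(baseline, affected):
    """Per affected asset, the inbound (src, protocol, port) tuples to permit."""
    rules = defaultdict(set)
    for src, dst, proto, port in baseline:
        if dst in affected:
            rules[dst].add((src, proto, port))
    return dict(rules)

def evaluate(flow, rules, affected):
    """Default-deny toward affected assets; other hosts are out of scope."""
    src, dst, proto, port = flow
    if dst not in affected:
        return "allow"
    return "allow" if (src, proto, port) in rules.get(dst, set()) else "block"

if __name__ == "__main__":
    rules = allow_rules(learn_baseline(LEARNING_WINDOW), AFFECTED)
    for flow in [
        ("192.0.2.10", "192.0.2.50", "tcp", 502),            # in baseline
        ("198.51.100.7", "192.0.2.50", "ipv6-in-ipv4", 0),   # never seen
        ("192.0.2.10", "192.0.2.70", "tcp", 80),             # no baseline at all
    ]:
        print(flow, "->", evaluate(flow, rules, AFFECTED))
```

Raising `min_seen` keeps one-off connections seen during the learning window out of the allow list.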




◆ Chinese Cryptographic Algorithm Protection for “Ripple20”


Remediation recommendations from the US ICS-CERT: protect critical IoT devices with cryptographic technology.


Venusense IoT-VBox provides a Chinese cryptographic technology protection scheme for important IoT assets affected by "Ripple20". Together with the Venusense Secure Access Gateway, it can provide end-to-end data encryption and identity verification for key IoT assets without exposing them, fundamentally eliminating the threat of "Ripple20".


◆ Global Visibility for “Ripple20”


Using a GIS-based view, all IoT assets in the intranet affected by "Ripple20" are shown on a single global display, giving the manager a global evaluation tool.




The rapid evolution of IoT technology will form the technological base for all smart-city scenarios. Fragmented protocols, application components, and operating systems, multiplied across a large number of devices, will pose a huge security risk and become an important X factor restricting industrial upgrading.

 

"Ripple20" undoubtedly has a huge impact, but even so, it is still only the tip of the iceberg; vulnerabilities and attacks hidden in the dark will be everywhere. Solving the fragmented security of the IoT therefore requires a new approach that uses accurate asset profiling and behavior analysis, supported by rapid security response, to effectively reduce the severe security risks caused by the rapid development of the Internet of Things.


Venustech Group has developed a holistic IoT security solution with IoT-VBox at its core, leading the technical route of visualized management and control of IoT security among Chinese enterprises. Benchmarked against leading US IoT visualized management and control manufacturers, including Nasdaq (listed on NASDAQ) and Zingbox (acquired by the giant Palo Alto), it has made major breakthroughs in multiple industries.


The "Visualization Control Route of IoT Security" was first published by Gartner in 2017, combining industry development and customer needs to give a clear technology trend report: (Market Trends: Grow Your IoT Security Business by Investing in Real-Time Discovery, Visibility and Control)

 


Venusense IoT-VBox, as the first Chinese implementer and continuous industry practitioner of the visual control technology route for IoT and industrial Internet scenarios, has been widely used in smart cities, smart communities, transportation, electric power, environmental protection, and public security, and has achieved extensive industrial application and comprehensive coverage of the security of infrastructure such as the IoT and industrial Internet.