Check Your IoT: URGENT/11 Zero-Day Vulnerabilities Impacting 2 Billion Devices
It was only a matter of time before connected devices become a target. The current vulnerability allows remote attackers to gain full control over IoT devices.
Security professionals have known that connected devices are a risk, but the latest news around the URGENT/11 vulnerabilities may surprise even the most hardened security professional. Over 2 billion connected devices are thought to be vulnerable, including a range of printers, VOIP phones, routers, medical equipment, firewalls, elevators and industrial controls. Any connected device that is running the VxWorks operating system created by Wind River has the potential to be affected, allowing users to remotely gain control over the device.
Dubbed “URGENT/11”, these security risks include six critical vulnerabilities connected with VxWorks 6.5 or higher that includes the IPnet stack. There are a few versions of the OS that may not be affected, according to security research firm Armis, such as their VxWorks Cert Edition and VxWorks 653. Whether devices are within the network perimeter or on the edge, they can still be leveraged for remote access directly into networks. The vast range of manufacturers of the devices at risk means the level of security at the device level is likely to vary dramatically between product types. Fortunately, Wind River Systems provided critical patches during a recent July 19 release, but that may not be enough to reduce the risk for organizations utilizing these connected devices.
What is VxWorks?
“VxWorks is the most widely used operating system you may never have heard of,” said Ben Seri, vice president of research at Armis. “A wide variety of industries rely on VxWorks to run their critical devices in their daily operations—from healthcare to manufacturing and even security businesses”. As an RTOS, or real-time operating system, VxWorks has generally been considered to be a stable solution for IoT and other interconnected devices with only 13 vulnerabilities reported in over 32 years of operation for the platform. Since it is only older versions of the RTOS that are vulnerable to attack, it’s thought that newer devices should be relatively safe and many affected devices are already reaching end-of-life. These devices are generally ones where chipsets only need to manage a few basic pieces of information, such as input/output operations, where little data processing is required.
How to Protect Your Business
While officials at VxWorks and Armis note that there are no indications that the URGENT/11 vulnerabilities have been exploited, the extreme disruption that could be caused within an organization is reason enough to warrant a proactive effort to protect your organization. Here are the recommended steps from Wind River security professionals and engineers:
- Apply the recent patch immediately
- Deploy specific firewall signatures/rules that will help mitigate the danger if patches cannot be applied immediately
You can view the full URGENT/11 whitepaper with a breakdown of the vulnerabilities and suggestions for remediation online. Experts note that the level of disruption could be significant, perhaps even rivaling the EternalBlue 2017 vulnerability or the WannaCry ransomware attack. In each of these instances, it was challenging for many small businesses to determine the best steps to move forward and protect their organization.
Partnering with an IT services firm helps ensure that your business is alert to this type of critical attack vector. Staying vigilant for vulnerabilities and quickly applying patches may mean the difference between a few hours of work patching devices or servers and months of remediation as you attempt to recover from a major attack.