barox Kommunikation AG, the Swiss manufacturer of video switches, media converters and IP extenders designed for video applications, says that devices in its RY-28 Series Managed Ethernet switch range can be configured to protect security networks and third-party devices, such as cameras and servers, from Ripple20 cyber-attacks.

Ripple20 is a set of 19 vulnerabilities in a low-level TCP/IP software library. If weaponised, it could allow remote attackers to control targeted devices without requiring any user interaction. Recently discovered by JSOF research lab, Ripple20 is a series of multiple zero-day vulnerabilities in TCP/IP stacks that are widely embedded in IoT devices. The vulnerability is found in a proprietary, fully featured TCP/IP communication stack designed for embedded devices and real-time operating systems. As a basic networking element, it is a building block for any device that works over a network.

The problem: it is not known which embedded TCP/IP stacks are vulnerable. The IoT, USB and server devices affected are widespread, down to connected printers, light bulbs and smart metering.

Recently released hacker news stated that Ripple20 ‘puts billions of internet connected devices at risk of hacking.’ Ripple20, developed by Treck Inc, USA, has been discovered in home, consumer, enterprise, telecom, nuclear, transportation and oil and gas devices across critical infrastructure, with real-time embedded protocols and embedded device adoption dating back to 1997. A single component could be infiltrated to ripple out to other network devices. Devices can be made to malfunction, and major international vendors are affected.

Highlighting the issue to security installers and system designers, Rudolf Rohr, barox Co-founder and Managing partner, says: “To protect devices and networks from Ripple20 vulnerabilities, you need to have a purpose-specific filter configured to never accept fragmented UDP. With the barox RY-28 Series switch, deep cyber protection can be configured to automatically detect and stop fragmented UDP via its built-in Access Control List (ACL) switch menu options; to block fragmented UDP and protect networks and their devices, such as IP cameras, VMS and servers, from illegal access.

“It is also important to create network segmentation via the switch. With this defensive measure, barox is mitigating impact, helping installers and end-users to secure their networked security systems against potential Ripple20 threats.”
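
What "never accept fragmented UDP" means at the IPv4 header level, shown as an added example that is not barox's ACL configuration or code: a packet counts as a UDP fragment when the protocol field is 17 and either the "more fragments" flag is set or the fragment offset is non-zero. The function names, the permit/deny strings and the constructed sample headers (documentation-range addresses) are assumptions of this sketch.

```python
import socket
import struct

UDP = 17               # IPv4 protocol number for UDP
MF = 0x2000            # "more fragments" flag
DF = 0x4000            # "don't fragment" flag (not a fragment indicator)
OFFSET_MASK = 0x1FFF   # fragment offset, in 8-byte units


def build_ipv4_header(proto, flags_frag, src="192.0.2.10", dst="192.0.2.20"):
    """Constructed 20-byte IPv4 header for the samples (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, flags_frag,
                       64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def acl_decision(packet):
    """Return 'deny' for malformed IPv4 or any UDP fragment, else 'permit'."""
    if len(packet) < 20:
        return "deny"                      # too short to hold an IPv4 header
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        return "deny"                      # not a valid IPv4 header
    (flags_frag,) = struct.unpack_from("!H", packet, 6)
    proto = packet[9]
    # MF set means first or middle fragment; a non-zero offset means middle
    # or last fragment. Only the first fragment carries the UDP header, so
    # the rule matches on the IP protocol field, never on UDP ports.
    fragmented = bool(flags_frag & MF) or (flags_frag & OFFSET_MASK) != 0
    if proto == UDP and fragmented:
        return "deny"
    return "permit"


# Constructed sample headers, not captured traffic.
SAMPLES = {
    "udp whole datagram, DF set": build_ipv4_header(UDP, DF),
    "udp first fragment (MF=1, offset 0)": build_ipv4_header(UDP, MF),
    "udp last fragment (MF=0, offset 185)": build_ipv4_header(UDP, 185),
    "tcp fragment": build_ipv4_header(6, MF),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: {acl_decision(pkt)}")
```

The last fragment of a datagram has the "more fragments" flag cleared, so a filter that tests only that flag would let it through; the offset check closes that gap.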

For more on the barox RY-28 Series Managed Ethernet video switch range visit www.barox.ch/en or contact Clear Vision Technologies at www.cv-tech.tech, or distributor Oprema at www.oprema.co.uk.