How Embedded TCP/IP Stacks Breed Critical Vulnerabilities, presented at Black Hat Europe 2020

by Jos Wetzels, Stanislav Dashevskyi, Daniel Dos Santos, Amine Amri

Summary: In the past few years, there's been a rise in critical vulnerabilities affecting embedded TCP/IP stacks which had remained undiscovered for over a decade. These stacks have direct, unauthenticated and sometimes cross-perimeter network exposure, often run in privileged portions of the system, and sit at the top of opaque supply chains that complicate vulnerability management efforts. Together this makes for a highly dangerous mix, resulting in periodic waves of critical vulnerabilities affecting billions of devices across industry verticals. But contrary to what many assume, the fragility of these fundamental components isn't limited to specific vendors or to older, closed-source stacks alone.

In this talk, we will present over a dozen new vulnerabilities in multiple widely used embedded TCP/IP stacks deployed in everything from networking equipment and medical devices to industrial control systems. We will discuss the nuances in their exploitability and potential impact and demonstrate a proof-of-concept against a yet-to-be-disclosed high-profile target. In addition, we will present the first quantitative and qualitative study into vulnerabilities affecting embedded TCP/IP stacks, showing a clear pattern in the affected components and features as well as in the root causes of the vulnerabilities that affect them. Finally, we will provide concrete advice on how to mitigate and manage vulnerabilities affecting billions of devices in the absence of centralized patching and notification efforts.