News | July 9, 2020

Sternum Blocks Exploitation Of Multiple Critical Ripple20 Vulnerabilities

If exploited, the vulnerabilities, already on hundreds of millions of IoT devices around the world, allow hackers to remotely take over any IoT device containing the vulnerable software

Tel Aviv, Israel /PRNewswire/ - Sternum, the multilayered cybersecurity company providing real-time embedded protection and visibility for IoT devices, successfully blocked the exploitation of multiple critical Ripple20 vulnerabilities. When Sternum's Embedded Integrity Verification (EIV) was embedded into firmware containing the vulnerable TCP/IP stack, EIV automatically blocked the attempts to exploit the vulnerabilities and reported them in real time.

Sternum's announcement follows JSOF's recent discovery of the Ripple20 zero-day vulnerabilities in an embedded low-level TCP/IP library developed by software company Treck, Inc. The vulnerabilities affect hundreds of millions of critical IoT devices across numerous sectors, including healthcare, energy, smart homes, and more.

Sternum's research team reconfirmed JSOF's findings and successfully exploited some of the critical vulnerabilities on a device. Then, the team installed EIV onto the same device and executed the previous attack. With Sternum's EIV already embedded, the attempted exploitation was prevented, and the team was alerted in real time of the attempt. The EIV alert included information leading to the exact vulnerable code, enabling the team to quickly patch the vulnerabilities as well as investigate the characteristics of the attempted attack.

"The power of on-device cyber security solutions focused on the exploitation of vulnerabilities will enable sustainable protection amidst the IoT revolution," said Natali Tshuva, CEO and co-founder of Sternum. "Devices will always contain vulnerabilities and trying to patch them all is a losing game. It is essential that IoT device manufacturers embrace solutions that protect devices from exploitation. Vulnerabilities like Ripple20 will continue to be discovered; this is why we are calling for a paradigm shift in IoT cybersecurity, which requires the adoption of innovative, on-device security solutions that protect IoT devices in real time."

The blocked Ripple20 critical vulnerabilities have a common vulnerabilities and exposures (CVE) score higher than 8, with 10 being the most severe. If exploited properly, these vulnerabilities allow for remote code execution by hackers, enabling them to take complete control of affected IoT devices. Risks of successful exploitation include hackers taking control of remote infusion pumps, stealing sensitive protected health information (PHI) from patients, altering the behavior of industrial control devices, penetrating other sensitive IoT devices in the same network, and more.

Numerous companies and their IoT devices have been confirmed as vulnerable in light of the Ripple20 discovery. These vendors were vulnerable because they used Treck's TCP/IP library as a third-party component. Organizations at risk include a Fortune 500 healthcare company whose affected infusion pump could lead to larger attacks on the hospital network; a multinational technology conglomerate whose affected routers and switches could lead to denial-of-service (DoS) attacks on networks; a major computer provider in which attacks on its infected printer product line could lead to further attacks on connected enterprises; and an international electric company in which attacks on its affected products might lead to damage to industrial equipment.

Sternum's EIV is proactive, integrity-based attack prevention embedded automatically into an IoT device's firmware, including closed-source code, commercial operating systems, and third-party libraries. The solution prevents exploitations of potential IoT device vulnerabilities in real time, preventing all known, unknown, and advanced attacks the moment they strike and before any lasting damage is done to a device or its connected network. EIV can be deployed in any IoT device, including distributed and unmanaged IoT devices that are low on resources.

Sternum works with numerous clients across multiple industries, including medical, industry 4.0, smart energy, smart cities and more. Sternum has partnered with Telit, the global leader in IoT enablement, and Sternum's solutions will be built into Telit's xE910 module family to give Telit's customers in-depth visibility and security for their entire device fleet.

A live demo of Sternum blocking one of the critical Ripple20 vulnerabilities is available upon request.

About Sternum
Sternum, the multilayered cybersecurity platform offering real-time, embedded protection for IoT devices, was founded in 2018 by a team of highly experienced research, development, and business leaders, many coming from the Israeli Defense Forces' (IDF) elite 8200 unit. With a profound understanding of embedded systems, deep insights into defenders' and attackers' mindsets, and a goal of creating a new standard of cybersecurity for IoT devices, Sternum is building uncompromising, innovative technology. Sternum's product suite consists of two key solutions: Embedded Integrity Verification (EIV) and Advanced Detection System (ADS). Both answer the unique needs of IoT device manufacturers in medical, industry 4.0, smart cities, energy, and beyond. Sternum is based in Tel Aviv, Israel.

Source: Sternum

Copyright 2020 PR Newswire. All Rights Reserved