Over 200 million devices vulnerable to remote takeover

An operating system that may be controlling everything from elevators to medical equipment and other mission-critical systems is vulnerable to attacks that give attackers complete control of the device. Researchers found that the vulnerable versions account for about 200 million internet-connected devices.

Researchers with security firm Armis identified 11 vulnerabilities in various versions of VxWorks, a slimmed-down operating system. VxWorks runs on more than 2 billion devices worldwide.

None of the 11 urgent vulnerabilities affect the most recent version of VxWorks, or any of the certified versions of the OS, including VxWorks 653 or VxWorks Cert edition.

The stakes are high for the 200 million devices that are running a version that’s susceptible to a serious attack. Many of the vulnerabilities reside in the networking stack known as IPnet, and they can often be exploited with little more than booby-trapped packets sent from the internet.

Depending on the vulnerability, exploits may be able to go so far as to penetrate firewalls and other types of network defenses.

Of course, the direst scenario would be attacks that chain together multiple exploits to trigger the remote takeover of multiple devices.

Armis researchers wrote in a technical overview that, “Such vulnerabilities do not require any adaptations for the various devices using the network stack, making them exceptionally easy to spread. In most operating systems, such fundamental vulnerabilities in the crucial networking stacks have become extinct, after years of scrutiny unraveled and mitigated such flaws.”

Wind River, the company that makes the VxWorks operating system, believes that the number of affected devices is lower than the 200 million estimated by Armis.

They have stated that the affected devices are primarily non-critical devices such as modems, routers, and printers, as well as some industrial and medical devices that reside at the perimeter of organizations’ networks and are exposed to the internet.

Wind River issued patches recently and is in the process of notifying affected customers of the threat.

The challenge for customers using devices that run the VxWorks OS will be to locate the devices and then to take them off-line so that they can be updated. Because many of the affected devices could be specialty equipment, taking them off-line can disrupt a company that needs the machinery to be running continuously.

Either way, as this is a very serious threat, figuring out which operating system vital business machines are running should be a top priority. Organizations using devices that run on VxWorks need to make sure they’re not on a vulnerable version of the software.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648