Life With Ripple20: How To Harden Deployed IoT Devices?

LEIPZIG, Germany - July 2, 2020 - PRLog -- Ripple20 once again demonstrates the blatant cybersecurity issues of IoT networks. What makes the 19 vulnerabilities problematic: In many places, the affected software library by software company Treck can no longer be identified. The library has been the foundation for network communication of IoT devices for over 20 years. Buyers can customize it and even resell the result under a different name.

The cybersecurity experts at research lab JSOF speak of supply chain dissemination and warn: »Over time, the original library component could become virtually unrecognizable.« Even major IoT device vendors like Schneider Electric, HP and Rockwell Automation cannot be sure that they identify all traces in their products. Their devices may contain further 3rd-party components which contain the library under a different name. The bottomline: Comprehensive patching of the Ripple20 is virtually impossible.

The JSOF researchers therefore recommend deep packet inspection technology to detect and block anomalous IP behaviour of IoT devices. These functions are covered by Rhebo IoT Device Protection (https://rhebo.com/en/company/news/post/rhebo-iot-device-p...), a solution that provides an intelligent cybersecurity upgrade even for already deployed IoT networks.

We'll Have To Live with Ripple20

IoT devices are notorious for their lack of cybersecurity. Many vulnerabilities are programmed deep into the code base. Shall all IoT devices be redesigned from scratch? Of course, this is completely unrealistic. It would also not be effective. Currently, hundreds of millions of IoT devices are already in use. Every new development leaves gaps, there will never be a 100% secure IoT device. What is realistic is a cybersecurity approach that works independently of the IoT technologies in use.

IoT Cybersecurity Needs To Be Vendor-Agnostic

This cybersecurity approach integrates cybersecurity on all IoT devices and is tailored to their properties. The solution to this is called Rhebo IoT Device Protection. It actively learns new threats, hence is not limited to known threat signatures. Instead, it also filters for actions that do not fit into the actual behavioural pattern of the device. For example, a large part of the exploits of Ripple20 resemble communication processes that appear legitimate to firewalls. In addition to signatures, Rhebo IoT Device Protection therefore also detects, blocks and reports anomalous behaviour. The solution is integrated directly on the IoT device to act locally and protect the rest of the fleet of connected IoT devices globally. This is even more important in IoT networks where connected devices run on identical technology.

For more information on Rhebo IoT Protection: https://rhebo.com/en/our-products/rhebo-iot-device-protection/ (https://rhebo.com/en/our-products/rhebo-iot-device-protec...)