Millions Of IoT Devices Were Vulnerable To These Number:Jack TCP/IP Stack Attacks

Internet of Things (IoT) devices are prevalent in our daily lives, from voice-control hubs to smart cooking devices. Millions of these types of devices exist in people's homes, and many could have been vulnerable to significant security flaws. Though the issues have been found and largely fixed, it is an important cybersecurity lesson that "history repeats itself."

Today, Forescout published a research article detailing what it has called "NUMBER:JACK," a collection of nine vulnerabilities affecting TCP/IP stacks. In short, each TCP connection starts with a randomly generated number, called an Initial Sequence Number (ISN), so that the connection is unique and cannot be interfered with. If a TCP connection uses improperly generated ISNs, an attacker could "hijack an ongoing connection or spoof a new one."
There are different ways to manage ISNs, and the choice is up to the creator of each TCP/IP stack, which is then licensed out or built into products. In this case, the researchers believe that the vulnerable stacks they found are used by millions of devices, "including everything from IT file servers to IoT embedded components." Daniel dos Santos, research manager at Forescout, spoke to ZDNet and stated that "It's not difficult for [Forescout] or an attacker to find this type of vulnerability because you can clearly see the way the numbers are generated by the stack is predictable."
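To make "predictable" concrete, the following is an added example and not code from Forescout or any affected stack: a constructed fixed-step ISN generator beside the RFC 6528 construction (ISN = M + F(4-tuple, secret)), with a simple audit check over a sample of ISNs. The class names, the step size, the sample addresses and the use of HMAC-SHA256 as F are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

MOD = 2**32  # ISNs are 32-bit values and wrap around


class WeakIsn:
    """Constructed example of a predictable generator: fixed step per connection."""
    def __init__(self, start=1000, step=64000):
        self.value, self.step = start, step

    def next_isn(self, four_tuple):
        self.value = (self.value + self.step) % MOD
        return self.value


class Rfc6528Isn:
    """ISN = M + F(4-tuple, secret), the RFC 6528 construction.
    F here is HMAC-SHA256 truncated to 32 bits (an assumption of this example)."""
    def __init__(self, secret=None, clock=time.monotonic):
        self.secret = secret or os.urandom(32)   # per-boot secret key
        self.clock = clock

    def next_isn(self, four_tuple):
        m = int(self.clock() * 250_000)          # M: timer ticking every 4 microseconds
        data = "|".join(map(str, four_tuple)).encode()
        f = hmac.new(self.secret, data, hashlib.sha256).digest()
        return (m + int.from_bytes(f[:4], "big")) % MOD


def looks_predictable(isns, max_distinct_deltas=2):
    """Audit heuristic: flag a sample whose successive differences take only a
    few distinct values. It catches fixed-step generators, not every weakness."""
    deltas = {(b - a) % MOD for a, b in zip(isns, isns[1:])}
    return len(deltas) <= max_distinct_deltas


def sample(gen, n=32):
    # Constructed 4-tuples: one client opening n connections from different ports.
    return [gen.next_isn(("192.0.2.10", 40000 + i, "192.0.2.1", 80)) for i in range(n)]
```

Running `looks_predictable(sample(WeakIsn()))` flags the fixed-step generator, while the same check on `Rfc6528Isn()` does not, because the keyed hash makes each connection's offset depend on a secret an outside observer lacks.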

Most concerning of all is that this sort of attack was already seen in the 90s, with things such as the Mitnick attack. Effectively, history is repeating, and dos Santos further explained that "This provides proof that people should be looking at what has happened before and how that affects their operations – all down the IoT supply chain."

At the end of the day, one would think that security would improve as companies take in lessons learned from the past, but that is not always the case. IoT is the new hot thing, and people are eager to get products to market, whether or not said product is secure or designed properly. Ultimately, though the 90s seem like an ancient time in terms of technology, the echoes of the past still haunt us and should remain a reminder for the future.