The internet is literally unsecured. Being a network consisting of networks, everything connected to it pose a threat on their own.
Internet-connected devices are becoming common, as people start to see their benefits. But not many people know how these devices work behind their back.
They may have security issues, and this is what exactly researchers said, when they found a shocking number of vulnerabilities in seemingly basic code that underpins how devices communicate with the internet.
In all, researchers from security firms Forescout and JSOF found nine such vulnerabilities are exposing an estimated 100 million devices worldwide, including an array of internet of things products and IT management servers.
Calling it the 'NAME:WRECK', the disclosed flaws are found in four ubiquitous TCP/IP stacks, which are essentially the code that integrates network communication protocols to establish connections between devices and the internet.

According to a blog post by JSOF, include: FreeBSD, IPNet, NetX and Nucleus NET.
According to the researchers at Forescout on their own blog post, they are all related to how these stacks implement the “Domain Name System” internet phone book, which would allow hackers to either crash a device, or taking it offline, or gaining control of it remotely.
The researchers said that NAME:WRECK is a set of Domain Name System (DNS) vulnerabilities that have the potential to cause either Denial of Service (DoS) or Remote Code Execution.
Because the four stacks are widely used, the attack surface is wide.
As a result, the vulnerabilities have the potential to cause huge damage to networks, especially those that are critical infrastructure, like healthcare facilities, manufacturing plants, or other places where a compromised connected device or IT server can disrupt a whole system, or could allow hackers to jump into the network and dig deeper.
Fortunately, the vulnerabilities, discovered by researchers at the security firms Forescout and JSOF, have patches that are already available.
Unfortunately, not all devices can use the patches.
This is because many devices, especially IoT devices, don't have the mechanisms to allow a system update.
In other situations, the manufacturers didn't create the component the devices are running on, or simply don't have control of the mechanisms themselves.

“With all these findings I know it can seem like we’re just bringing problems to the table, but we're really trying to raise awareness, work with the community, and figure out ways to address it,” says Elisa Costante, vice president of research at Forescout.
“We've analyzed more than 15 TCP/IP stacks both proprietary and open source and we've found that there's no real difference in quality. But these commonalities are also helpful, because we've found they have similar weak spots. When we analyze a new stack we can go and look at these same places and share those common problems with other researchers as well as developers.”
At the time of their findings, the researchers have yet to see evidence that attackers are actively exploiting these types of vulnerabilities in the wild. But this NAME:WRECK is leaving hundreds of millions, if not billions, of devices potentially impacted across numerous different findings.
Issues like these can go unnoticed, or often neglected, simply because the technology itself isn't broken.
TCP/IP has been around for decades, and little has been done to protect or improve it, despite other technologies that rely on it have evolved.














































































































































































































































































































































































