barox confirms RY-28 Series switch protection against Ripple20 cyber attacks
12th August 2020
barox confirms RY-28 Series switch protection against
Ripple20 cyber attacks
Underlining their commitment and implementation of the highest standards of cybersecurity protection, barox Kommunikation AG, the global manufacturer of professional video switches, media converters and IP extenders specifically designed for video applications, has confirmed that its RY-28 Series Managed Ethernet switch range devices are resilient against Ripple20 vulnerabilities and cyber attacks.
A set of 19 vulnerabilities in a low-level TCP/IP software library, Ripple20 poses an immediate threat, and if weaponized, could allow remote attackers to gain complete control over targeted devices – without requiring any user interaction.
Recently discovered by JSOF research lab, Ripple20 is a series of multiple zero-day vulnerabilities in TCP/IP stacks that are widely embedded in IoT devices globally. The vulnerability is to be found in a proprietary fully featured TCP/IP communication stack, designed for embedded devices and real-time operating systems. A basic networking element, it is a building block for any device that works over a network.
IoT, USB and server devices affected are widespread, right down to printers, lightbulbs and Smart metering. The world-wide problem is that it is not known which embedded TCP/IP stacks are vulnerable, and the issue may also affect IP cameras.
Hacker news released recently stated that Ripple20 flaws ‘puts billions of internet connected devices at risk of hacking.’ Ripple 20, developed by Treck Inc, USA, has been discovered in home, consumer, enterprise, telecom, nuclear, transportation and oil & gas devices across critical infrastructure, with real-time embedded protocols and embedded device adoption dating back to 1997. Furthermore, a single component could be infiltrated to ripple out to other network devices. Devices can be made to malfunction with major international vendors being affected.
Highlighting the issue to security installers and system designers, Rudolf Rohr, barox Co-founder & Managing partner explains: “To protect devices and networks from Ripple20 vulnerabilities, you need to have a purpose specific filter trained to never accept fragmented UDP. With the barox RY-28 Series switch, deep cyber protection can be configured to automatically detect and stop fragmented UDP via its built-in Access Control List (ACL), to block fragmented UDP and guard against device and server hacking via illegal access at switch level.”
For more information on the barox RY-28 Series Managed Ethernet professional video switch range, customers can visit www.barox.ch/en or contact Clear Vision Technologies at
www.cv-tech.tech, or Oprema at www.oprema.co.uk
– Ends –