23 years
97.9 Customer Satisfaction Score
200k Tickets Closed
83% resolved remotely
97% Resolved within SLA Goal

IoT Security

Check Your IoT: URGENT/11 Zero-Day Vulnerabilities Impacting 2 Billion Devices

It was only a matter of time before connected devices become a target. The current vulnerability allows remote attackers to gain full control over IoT devices.  

Security professionals have known that connected devices are a risk, but the latest news around the URGENT/11 vulnerabilities may surprise even the most hardened security professional. Over 2 billion connected devices are thought to be vulnerable, including a range of printers, VOIP phones, routers, medical equipment, firewalls, elevators and industrial controls. Any connected device that is running the VxWorks operating system created by Wind River has the potential to be affected, allowing users to remotely gain control over the device.

URGENT/11 Vulnerabilities

Dubbed “URGENT/11”, these security risks include six critical vulnerabilities connected with VxWorks 6.5 or higher that includes the IPnet stack. There are a few versions of the OS that may not be affected, according to security research firm Armis, such as their VxWorks Cert Edition and VxWorks 653. Whether devices are within the network perimeter or on the edge, they can still be leveraged for remote access directly into networks. The vast range of manufacturers of the devices at risk means the level of security at the device level is likely to vary dramatically between product types. Fortunately, Wind River Systems provided critical patches during a recent July 19 release, but that may not be enough to reduce the risk for organizations utilizing these connected devices.

What is VxWorks?

“VxWorks is the most widely used operating system you may never have heard of,” said Ben Seri, vice president of research at Armis. “A wide variety of industries rely on VxWorks to run their critical devices in their daily operations—from healthcare to manufacturing and even security businesses”. As an RTOS, or real-time operating system, VxWorks has generally been considered to be a stable solution for IoT and other interconnected devices with only 13 vulnerabilities reported in over 32 years of operation for the platform. Since it is only older versions of the RTOS that are vulnerable to attack, it’s thought that newer devices should be relatively safe and many affected devices are already reaching end-of-life. These devices are generally ones where chipsets only need to manage a few basic pieces of information, such as input/output operations, where little data processing is required.

How to Protect Your Business

While officials at VxWorks and Armis note that there are no indications that the URGENT/11 vulnerabilities have been exploited, the extreme disruption that could be caused within an organization is reason enough to warrant a proactive effort to protect your organization. Here are the recommended steps from Wind River security professionals and engineers:

You can view the full URGENT/11 whitepaper with a breakdown of the vulnerabilities and suggestions for remediation online. Experts note that the level of disruption could be significant, perhaps even rivaling the EternalBlue 2017 vulnerability or the WannaCry ransomware attack. In each of these instances, it was challenging for many small businesses to determine the best steps to move forward and protect their organization.

Partnering with an IT services firm helps ensure that your business is alert to this type of critical attack vector. Staying vigilant for vulnerabilities and quickly applying patches may mean the difference between a few hours of work patching devices or servers and months of remediation as you attempt to recover from a major attack.

Schedule your No-Obligation IT Assessment with Palindrome Consulting

Schedule Now

Elizabeth Mitrani
Elizabeth Mitrani
17:23 06 Aug 19
Palindrome Consulting was key in establishing my business and helps me keep it running. They are the consummate... professionals, incredibly knowledgeable and are always available to help. They have gone above and beyond to ensure that I was up and running quickly and that any issues that may arise on my end or dealt with immediately. I highly recommend Palindrome Consulting.read more
Moshe Rubinstein
Moshe Rubinstein
14:57 28 Jun 19
They are there every step of the way. Responsive and timely. The full service mentality mixed with the problem solving... abilities, is what makes them an easy choice.read more
Benjamin Wainberg
Benjamin Wainberg
14:09 28 Jun 19
Palindrome Consulting is customer centric. For Palindrome Data Safety is paramount; they keep their and our systems... updated with the newest technologies and are not shy at changing to better alternatives. Their platforms are always running and in the odd case there is an event, their technical team has an awesome response time.read more
Copier Man
Copier Man
13:56 28 Jun 19
We have been using Palindrome since 2005. They make my company feel like we are #1 all the time. Expert staff are... always available to help all my users all around the country.read more
Martin Feldman
Martin Feldman
16:43 26 Jun 19
As a partner in Fischer & Feldman, P.A. we have utilized Palindrome Consulting as our IT experts for many years. In... addition to keeping our server up and running, they are available to consult on the everchanging cloud and web landscape. We could not function as a successful law firm without their constant care, attention and almost IMMEDIATE RESPONSE TIME.read more
Rebecca Fischer
Rebecca Fischer
16:39 26 Jun 19
Palindrome has been my IT company for more than 15 years. We have been through four server and computer replacements... over the years all of which went smoothly. As technology has changed Palindrome has kept us current in their recommendations and are extremely responsive when we run into a software or hardware problem. We have been through hurricanes with Palindrome and felt confident they would have us up and running as quickly as possible and despite the fact we are probably a smaller client, they have treated us as one of their most important clients. I highly recommend Palindrome and have complete confidence in their capabilities and service. They have even gone the extra mile when we wanted to donate our old computers to a children's special needs school and delivered the computers, set them up and provided service for the same. Ilan Sredni is the consummate professional and has surrounded himself with top professionals and skilled technicians.read more
Nelson T
Nelson T
20:32 25 Jun 19
Palindrome Consulting has proven itself time and time again to be the epitome of professionalism and technical... expertise. They take the time to listen to your needs and then apply their wealth of technical knowledge to create truly innovative and robust solutions. They truly deliver piece of mind.read more
Next Reviews