askST: How consumers can fend off bugs that may hit 100 million Internet-connected devices

The Name:Wreck flaws affect four popular sets of rules, called stacks, that govern how devices can "talk" to one another over a network such as the Internet.
The Name:Wreck flaws affect four popular sets of rules, called stacks, that govern how devices can "talk" to one another over a network such as the Internet.PHOTO: ST FILE

SINGAPORE - More than 100 million Internet-connected devices globally, including consumer devices like some smartphones and wearable fitness products, could be at risk from security flaws disclosed last week.

The bugs, collectively called Name:Wreck, prompted Singapore's cyber-security watchdog to issue an alert last Thursday (April 15) and urge organisations to apply patches immediately.

Here is how the bugs could affect consumers:

Q: How can the Name:Wreck flaws be abused by hackers?

A: The bugs affect the Domain Name System (DNS), which is the Internet's phone book used to easily find websites online. The DNS does this by matching website names to Internet Protocol addresses that identify where devices are on the Internet.

Specifically, the flaws affect four popular sets of rules, called stacks, that govern how devices can "talk" to one another over a network such as the Internet.

The Name:Wreck vulnerabilities can allow cyber crooks to mess this up for their benefit, by taking over control of devices and taking them offline, as well as steal data.

For example, cyber-security firm Forescout Research Labs said ultrasound machines that connect to a website to get firmware updates could be compromised.

A crook could use the Name:Wreck bugs to redirect the ultrasound machines to his site to instead download fake firmware he made that is malicious.

The infected ultrasound machines could then be instructed by the malware to upload medical records to the criminal.

Citing Forescout, tech website Bleeping Computer reported that crooks could also hypothetically attack building functions in homes, such as lighting, heating and ventilation, if these are connected to the Internet. Internet-linked security systems could be switched off too.

Mr Jeffrey Kok, vice-president of solution engineers for the Asia-Pacific and Japan at cyber-security firm CyberArk, told The Straits Times that crooks could also cause some affected consumer electronic devices to hang or crash.

Q: How real is the threat to consumers and how can they protect themselves?

A: Security experts agree that Name:Wreck poses a threat to organisations, but the impact on consumers could be less.

Forescout, which discovered the bugs with another cyber-security firm, JSOF Research, said that not all devices running the affected stacks are vulnerable.

Mr Kok said the affected platforms are also not used by most home and workforce users, so most consumers are not at risk.

For example, most mainstream smartphones use the Android and iOS operating systems, which are not affected.

"The platforms that are vulnerable are used primarily in healthcare, operational technology environments and similar niche use cases," said Mr Kok.

For vulnerable home devices, it is theoretically possible for hackers to use malware to infect a person's home computer to attack a consumer electronic device connected to the same home Internet network. But "there is little incentive for them to do so compared to creating ransomware to make more money or cause more destruction", Mr Kok said.

Still, if an attack does occur that causes a home device to crash, consumers can resolve this by rebooting their devices, he said. And if an infected home computer is carrying out the attack on the device, switch the PC off too.

However, he noted that in settings like healthcare, abusing the Name:Wreck flaws to crash equipment "can severely impact day-to-day operations".

Mr Jonas Walker, cyber-security strategist for the Asia-Pacific at IT security firm Fortinet's FortiGuard Labs, said consumers can also check for patches for their Internet-connected devices and apply them to plug security gaps.

Internet service providers offer layers of protection and Web filtering that can help, so connecting devices to the Internet through their networks is advisable, he added.