Security holes put 100 million IoT devices at risk

A new set of DNS vulnerabilities has been disclosed by Forescout Research Labs, in partnership with JSOF, with the potential to impact over 100m consumer, enterprise and industrial IoT devices.

The vulnerabilities, dubbed NAME:WRECK, affect four popular TCP/IP stacks (FreeBSD, IPnet, Nucleus NET and NetX) that are used in well-known IT software and popular IoT/OT firmware. FreeBSD is used for high-performance servers in millions of IT networks, including those of Netflix and Yahoo, while IoT/OT firmware such as Siemens' Nucleus NET has been used for decades in critical OT and IoT devices.

Daniel dos Santos, research manager at Forescout Research Labs, explained in a press release that patching vulnerable versions of IP stacks is the only way organizations can defend themselves against possible NAME:WRECK exploits, saying:

“NAME:WRECK is a significant and widespread set of vulnerabilities with the potential for large-scale disruption. Complete protection against NAME:WRECK requires patching devices running the vulnerable versions of the IP stacks and so we encourage all organisations to make sure they have the most up-to-date patches for any devices running across these affected IP Stacks.”

NAME:WRECK vulnerabilities

The NAME:WRECK vulnerabilities have the potential to impact organizations across all sectors including government, enterprise, healthcare, manufacturing and retail. For instance, in the UK more than 36,000 devices are believed to be affected. If exploited, cybercriminals or other bad actors can leverage these vulnerabilities to take target devices offline or assume control of their operations.

According to Forescout, some hypothetical yet entirely plausible scenarios of what bad actors could do include exposing government or enterprise servers, compromising hospitals, impacting manufacturing or shutting down retailers. Sensitive government or business data could be exposed, medical data could be stolen, production lines could be tampered with and retailers' lights could be switched off to disrupt their operations.

However, bad actors could also tap into access control systems and other critical building functions of residential and commercial spaces such as apartments or major hotel chains to endanger the safety of residents or guests.

According to dos Santos, “unless urgent action is taken to protect networks and the devices connected to them, it could be just a matter of time until these vulnerabilities are exploited”.

Forescout has published an advisory mitigation strategy for vendors as well as a full report detailing its findings on NAME:WRECK.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
