Life With Ripple20: How To Harden Deployed IoT Devices?

  • Ripple20 vulnerabilities highlight general cybersecurity problem in IoT networks
  • Security patches just a drop on the hot stone due to supply chain dissemination
  • Connected IoT devices need an integrated cybersecurity function that works vendor-agnostic

Leipzig / Germany, July 2, 2020 - The discovery of the Ripple20 vulnerabilities once again demonstrates the blatant cybersecurity issues of IoT networks. What makes the 19 vulnerabilities that experts from Israeli research lab JSOF discovered as early as September 2019 particularly problematic: In many places, the affected software library by software company Treck can no longer be identified at all. The library is crucial to network communication of IoT devices and has been around for over 20 years. Buyers can adapt the library to their own requirements, develop it further and even resell the result under their own name or as a white label. In the 1990s, there was also a collaboration with the Japanese company Zuken Elmic, who independently developed the product further.

The researchers at JSOF speak of supply chain dissemination and warn. »The original purchaser could decide to rebrand, or could be acquired by a different corporation, with the original library history lost in company archives. Over time, the original library component could become virtually unrecognizable.«1 The traces of the library are largely obscured. Even the major manufacturers like Schneider Electric, HP and Rockwell Automation cannot be sure that they can identify all traces in their IoT devices. This is because these devices may contain further third-party components in which the library could be integrated under a different name. The bottomline: The comprehensive patching of the Ripple20 vulnerabilities is virtually impossible.

In their technical paper the JSOF researchers therefore recommend the use of deep packet inspection technology to detect and block anomalous IP traffic and behaviour of IoT devices. Since 2020 Rhebo offers Rhebo IoT Device Protection covering these functions. The solution also allows the easy upgrade even of already deployed IoT networks.

We’ll Have To Live with Ripple20

Furthermore, it must be assumed that Ripple20 is only a small ripple in the sea of IoT devices. IoT devices are notorious for their lack of cybersecurity and blatant security holes. Many of them are programmed deep into the code base. Shall all IoT devices be redesigned from scratch?

Of course, this is completely unrealistic. It would also not be effective. Currently, hundreds of millions of IoT devices are already in use. Every new development leaves flaws and vulnerabilities. There will never be a 100% secure technology. What is realistic is a cybersecurity approach that works independently of the functionalities of IoT technologies. 

IoT Cybersecurity Needs To Be Vendor-Agnostic

This cybersecurity approach must integrate cybersecurity on all IoT devices and must be tailored to their properties and functionalities. The solution to this is called Rhebo IoT Device Protection. It actively learns new threats, hence is not limited to known threat signatures. Instead, it also filters for actions that do not fit into the actual behavioural pattern of the device. For example, a large part of the exploits of Ripple20 resemble communication processes that appear legitimate to firewalls. In addition to signatures, Rhebo IoT Device Protection therefore also detects, blocks and reports anomalous behaviour. The solution is integrated directly on the IoT device to act locally and protect the rest of the fleet of connected IoT devices. This is even more important in IoT networks where connected devices run on identical technology.

For more information on Rhebo IoT Protection:



About Rhebo

Rhebo is the only vendor-independent provider of industrial monitoring solutions ensuring both cybersecurity and stability of ICS and IoT infrastructures. The German company’s solutions monitor all communication within the ICS and on distributed critical IoT devices. Any attacks, vulnerabilities as well as technical error states are reported in real-time. Thus, Rhebo vendor-neutrally supports  industrial, energy and water companies to increase cybersecurity, productivity and availability of their systems and plants to safeguard their digital transformation. 

In this role, the company is partner of the Alliance for Cyber Security of the Federal Office for Information Security (BSI), is actively developing standards and technical guidance in the Teletrust - Bundesverband IT-Sicherheit e.V. and the Bitkom Security Management Working Group.

Contact Rhebo

Kristin Preßler
Tel. +49-341-393-790-180