Vulnerability allows hackers to take control of home Internet routers

  • Found in residential gateway devices of different models from different makers
  • 12mil readily exploitable devices connected to the Internet across the globe
Vulnerability allows hackers to take control of home Internet routers

CHECK Point Software Technologies Ltd has issued an alert on ‘Misfortune Cookie,’ a critical vulnerability that allows an intruder to remotely take over a residential gateway device and use it to attack the devices connected to it.

Researchers in Check Point's Malware and Vulnerability Research Group uncovered the vulnerability present on millions of residential gateway (SOHO or small office/ home office router) devices of different models from different makers.
 
It has been assigned the CVE-2014-9222 identifier, the company said in a statement.
 
This severe vulnerability allows an attacker to remotely take over a gateway device with administrative privileges, the company said – including smart appliances and home systems in a smart home.

To date, researchers have distinctly detected at least 12 million readily exploitable devices connected to the Internet across the globe, making this one of the most widespread vulnerabilities revealed in recent years, Check Point said.

Key findings:

  • If undiscovered, an attacker could take control of millions of routers around the world, and use that access to control and steal data from the wired and wireless devices connected to the network.
  • The affected software is the embedded web server RomPager from AllegroSoft, which is typically embedded in the firmware released with devices.
  • No devices from Check Point have been compromised by this vulnerability, the company claimed.

“Misfortune Cookie is a serious vulnerability present in millions of homes and small businesses around the world, and if left undetected and unguarded, could allow hackers to not only steal personal data, but control peoples' homes,” said Shahar Tal, Malware and Vulnerability research manager at Check Point Software Technologies.
 
For more information about Misfortune Cookie, affected devices, and how consumers and businesses can protect themselves from this vulnerability, visit mis.fortunecook.ie.
 
Related Stories:
 
Universal PnP devices being harnessed for massive DDoS attacks
 
How to secure your WiFi network
 
500+ smart devices in a typical home by 2022: Gartner
 
 
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.

 
Keyword(s) :
 
Author Name :
 

By commenting below, you agree to abide by our ground rules.

Subscribe to SNAP
Download Digerati50 2018-2019 PDF

Digerati50 2018-2019

Get and download a digital copy of Digerati50 2018-2019