CIP Cyber

Over 12 Million Routers Are Exposed to Critical Hijacking Hack


More than 12 million routers in homes and small offices are vulnerable to attacks that allow hackers anywhere in the world to monitor user traffic and take administrative control over the devices, researchers said.

Source: thehackernews

The vulnerability resides in “RomPager” software, which is embedded in residential gateway devices and made by a company known as AllegroSoft. Versions of RomPager prior to 4.34 contain a critical bug that allows attackers to send simple HTTP cookie files that corrupt device memory and hand over administrative control. Attackers can use that control to read plaintext traffic traveling over the device and possibly take other actions, including changing sensitive DNS settings and monitoring or controlling Web cams, computers, or other connected devices. Researchers from Check Point’s malware and vulnerability group have dubbed the bug Misfortune Cookie, because it allows hackers to determine the “fortune” of an HTTP request by manipulating cookies. They wrote:
   “If your gateway device is vulnerable, then any device connected to your network—including computers, phones, tablets, printers, security cameras, refrigerators, toasters or any other networked device in your home or office network—may have increased risk of compromise. An attacker exploiting the Misfortune Cookie vulnerability can easily monitor your Internet connection, steal your credentials and personal or business data, attempt to infect your machines with malware, and over-crisp your toast.”

Determining precisely what routers are vulnerable is a vexing undertaking. Devices frequently don’t display identifying banners when unauthenticated users access them, and when such banners are presented, they often don’t include information about the underlying software components. Beyond that, some device manufacturers manually patch the bug without upgrading the RomPager version, a practice that may generate false positives when automatically flagging all devices running versions prior to 4.34. To work around the challenges, Check Point researchers performed a comprehensive scan of Internet addresses that probed for vulnerable RomPager services. The results showed 12 million unique devices spanning 200 different models contained the bug. Manufacturers affected included Linksys, D-Link, Edimax, Huawei, TP-Link, ZTE, and ZyXEL.
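The banner caveats above can be built into a triage of your own device inventory. The following is an added example, not code from Check Point or the original article. It assumes the embedded server identifies itself as `Server: RomPager/<major>.<minor>`, and the device names and headers are constructed sample data.

```python
import re

# From the article: RomPager versions prior to 4.34 contain the bug.
FIXED = (4, 34)
# Assumed banner form, e.g. "Server: RomPager/4.07 UPnP/1.0".
BANNER = re.compile(r"RomPager/(\d+)\.(\d+)", re.IGNORECASE)

def classify(raw_headers):
    """Triage one device from the HTTP response headers it returned."""
    server = ""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            server = value.strip()
            break
    match = BANNER.search(server)
    if not match:
        # No banner, or one that hides the embedded component: inconclusive,
        # so the device still needs a firmware check against vendor advisories.
        return "inconclusive"
    version = (int(match.group(1)), int(match.group(2)))
    if version < FIXED:
        # Some vendors patch without bumping the version, so this is a
        # candidate for review, not a confirmed finding.
        return "review-firmware"
    return "version-not-affected"

def triage(inventory):
    """Group device names by classification."""
    groups = {}
    for device, headers in sorted(inventory.items()):
        groups.setdefault(classify(headers), []).append(device)
    return groups

# Constructed sample data: hypothetical device names and headers.
SAMPLE = {
    "gw-branch-01": "HTTP/1.1 401 Unauthorized\r\nServer: RomPager/4.07 UPnP/1.0\r\n",
    "gw-branch-02": "HTTP/1.1 200 OK\r\nserver: RomPager/4.51 UPnP/1.0\r\n",
    "gw-branch-03": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
    "gw-branch-04": "HTTP/1.1 200 OK\r\nServer: httpd\r\n",
}

if __name__ == "__main__":
    for status, devices in triage(SAMPLE).items():
        print(status, devices)
```

Devices that land in `inconclusive` or `review-firmware` are the ones to check against the vendor's firmware release notes, since the banner alone cannot confirm or rule out the bug.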

Check Point has uncovered no evidence the vulnerability has been actively exploited, but researchers couldn’t rule out such attacks, either. In-the-wild exploits might at least partially explain a rash of hacks earlier this year that remotely hijacked hundreds of thousands of routers on two separate occasions. What’s more, Thursday’s disclosure is likely to spur blackhats to begin exploiting the vulnerability.

The critical vulnerability was introduced in 2002, and a fix was made available three years later. As demonstrated by Check Point’s finding that 12 million devices are susceptible to Misfortune Cookie attacks, the fix has yet to make its way into a significant number of routers. The bug has been assigned the identifier CVE-2014-9222.

Read Full Article on arstechnica

CIP Cyber Staff
