Misfortune Cookie Crumbles Millions of Security Systems

Check Point Software Technologies recently revealed a flaw in millions of routers that allows the devices to be controlled by hackers.

The company’s Malware and Vulnerability Group detected 12 million Internet-connected devices that have the flaw.

The vulnerability, which Check Point dubbed “Misfortune Cookie,” can be found in the code of a commonly used embedded Web server, RomPager from AllegroSoft. An attacker can exploit it to take control of a router and use it to steal data from both wired and wireless devices connected to a network.

Fixes for the flaw have been available since 2005, but 98 percent of the devices using RomPager haven’t been updated and still contain the vulnerable version of the software.

Even if device makers had been on the ball and kept the embedded subsystems on their hardware up to date, chances are there still would be lots of vulnerable devices connected to the Net, observed Shahar Tal, malware and vulnerability research manager at Check Point Software Technologies.

“Most people don’t install upgrades to their firmware,” he told TechNewsWorld. “That’s why we believe this vulnerability will stay around for months and years to come.”

Thing Attacks

Infected routers aren’t a new attack vector for Net marauders. A widely reported incident early this year included routers in a malicious email campaign that flooded the Internet with 750,000 junk messages. Thousands of other gadgets also were used to disseminate the spam — things like home media centers, televisions, and at least one smart refrigerator.

Proofpoint, which discovered that caper, explained that it didn’t take rocket science to compromise the devices. Attackers simply exploited misconfigurations or factory-set passwords to crack them.

Billed as the first large-scale attack using the Internet of Things, the Proofpoint discovery may be a sign of things to come down the road.

“I don’t think this will be widespread in 2015, and we don’t expect that IoT devices will be main targets, but it will start to evolve next year,” said Cathal McDaid, head of data intelligence and analytics for AdaptiveMobile.

A number of things make IoT devices ripe for hacking. They’re not monitored by people as a phone or computer would be. They don’t get upgraded often, and they may reside in out-of-the-way locations.

Attacks on IoT devices in 2015 likely will mirror the Proofpoint incident.

“Next year, we may see some of these mobile IoT devices compromised to send spam,” McDaid told TechNewsWorld. “Spam generated might be email — or if they are able to send text messages, then spam SMS.”

Asleep in the Corner Office

Since the limelight has shone on information security at Sony, a multitude of sins have been exposed, including a tidbit about the company’s CEO, Michael Lynton, being regularly reminded in insecure emails of secret passwords for his personal and family mail, banking, travel and shopping accounts.

Security naivete isn’t limited to Sony’s corner office. Many CEOs are disconnected from the cyberthreats hurled at their companies every day.

For example, 80 percent of CEOs in corporate America don’t have any idea their company’s systems are being attacked on a regular basis, suggests a survey released earlier this year by Lancope and the Ponemon Institute.

Recent events at Sony may be changing that level of awareness, though.

“They are changing their behavior now, but it’s a painful process,” Lancope CTO Tim “TK” Keanini told TechNewsWorld.

Lack of awareness isn’t limited to the corner office, either — not when companies have to be told by outside parties that systems have been breached.

“Defenders need to detect a threat in its early stages, not when the Secret Service calls you — not when your source code is posted to Pastebin,” Keanini said. “If that’s your form of detection, we’ve got worse things coming.”

