Millions of Home Routers at Risk from ‘Misfortune Cookie’ Flaw

Researchers at Check Point have found a critical vulnerability affecting millions of home and SME routers, which seems to have gone unnoticed for more than a decade. The flaw, detected by the firm’s Malware and Vulnerability Research Group and called ‘Misfortune Cookie’, will be highlighted by Check Point’s researchers at a forthcoming security conference. Fortunately, no real-world attacks have been reported so far.

An attacker can exploit the flaw to monitor all types of data going through a gateway, such as files, emails or logins. The attacker can also infect the connected devices with malware, and the researchers said man-in-the-middle attacks are possible too. The chipset software development kit (SDK) is suspected, but the exact source of the issue is still unknown. According to Check Point, models using the RomPager embedded web-server software in a version prior to 4.34 could be vulnerable, which covers up to 200 unpatched models.
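For an asset inventory, the version boundary above can be turned into a simple triage check. The following is an added example, not code from Check Point or the original article; it assumes the device reports its web server in an HTTP `Server` header of the form `RomPager/<major>.<minor>`, and the host names and banners are constructed sample data.

```python
import re

# Boundary stated in the article: RomPager versions prior to 4.34 could be vulnerable.
FIXED = (4, 34)

# Assumed banner form: "RomPager/<major>.<minor>", optionally followed by other tokens.
BANNER_RE = re.compile(r"RomPager/(\d+)\.(\d+)", re.IGNORECASE)


def classify(server_header):
    """Return 'vulnerable', 'not-affected', 'not-rompager' or 'unknown'."""
    if not server_header:
        return "unknown"  # no banner collected, nothing can be concluded
    match = BANNER_RE.search(server_header)
    if match is None:
        # RomPager named without a parsable version still needs manual review.
        if "rompager" in server_header.lower():
            return "unknown"
        return "not-rompager"
    # Compare numerically so that 4.07 sorts below 4.34 (minor "07" -> 7).
    version = (int(match.group(1)), int(match.group(2)))
    return "vulnerable" if version < FIXED else "not-affected"


# Constructed inventory: (host label, Server header recorded from our own devices).
INVENTORY = [
    ("gw-branch-01", "RomPager/4.07 UPnP/1.0"),
    ("gw-branch-02", "RomPager/4.34"),
    ("gw-lab-03", "RomPager/4.51 UPnP/1.0"),
    ("gw-home-04", "lighttpd/1.4.35"),
    ("gw-home-05", None),
    ("gw-home-06", "RomPager"),
]


def audit(inventory):
    """Map every host label to its classification."""
    return {host: classify(banner) for host, banner in inventory}


if __name__ == "__main__":
    for host, verdict in audit(INVENTORY).items():
        print(f"{host:14} {verdict}")
```

A banner is only an indicator: treat `vulnerable` and `unknown` results as devices to check against the vendor's firmware notes, not as a final verdict.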

The researchers estimate that at least 12 million devices are vulnerable across the globe, and even this may be an underestimate. The issue originated in 2002, and an update 3 years later should have fixed it. However, the patch propagation cycle is very slow for these devices and many are still shipped with the vulnerability, says Check Point. The flaw has been designated CVE-2014-9222. RomPager is popular, and the affected brands include ZTE, Huawei, D-Link, Edimax, TP-Link and ZyXEL, whose models are sold to home users.

Home routers have been found to be more prone to security issues. Many of these issues are hardly publicised or known, except to hackers. Security updates are rare, and when they do exist, users seldom apply them. An alternative that is advised is to update the product in a few years, as the more recent ones are assumed to have flaws that are better known. Apparently, back doors and security flaws in leading brand products have become more common now.
