Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

12 million home and business routers vulnerable to critical hijacking hack


  • Please log in to reply
2 replies to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,427 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:06:00 PM

Posted 18 December 2014 - 08:21 PM

 

More than 12 million routers in homes and small offices are vulnerable to attacks that allow hackers anywhere in the world to monitor user traffic and take administrative control over the devices, researchers said.

The vulnerability resides in "RomPager" software, embedded into the residential gateway devices, made by a company known as AllegroSoft. Versions of RomPager prior to 4.34 contain a critical bug that allows attackers to send simple HTTP cookie files that corrupt device memory and hand over administrative control. Attackers can use that control to read plaintext traffic traveling over the device and possibly take other actions, including changing sensitive DNS settings and monitoring or controling Web cams, computers, or other connected devices. Researchers from Check Point's malware and vulnerability group have dubbed the bug Misfortune Cookie, because it allows hackers to determine the "fortune" of an HTTP request by manipulating cookies. They wrote:

 

12 million home and business routers vulnerable to critical hijacking hack

 

 

.



BC AdBot (Login to Remove)

 


#2 Ezzah

Ezzah

  • Members
  • 438 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:06:00 PM

Posted 18 December 2014 - 08:25 PM

Here's a list of all the vulnerable routers, btw:

 

http://mis.fortunecook.ie/misfortune-cookie-suspected-vulnerable.pdf


mYIGVc5.png


#3 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,570 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:01:00 AM

Posted 18 December 2014 - 08:41 PM

The list is self admittedly by no means complete. To add just a bit of perspective. Thats approximately 12 million SOHO devices in 189 countries. So this is truly a global issue.

The above information is taken from Ezzah's .pdf link. Under the How Many Devices Are Affected heading.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users