Software that runs home routers, cell phones and personal digital assistants is rife with security bugs.
Barnaby Jack, a Juniper Networks security researcher, gave a tutorial at the CanSecWest conference here on how bug hunters can find exploitable vulnerabilities in such devices and demonstrated an attack on a D-Link router using a yet-to-be-patched hole.
“Security flaws are abundant on these devices,” Jack said. “Security needs to reach further than a home PC. Insecure devices pose a threat to the entire network. Hardware vendors must take security into consideration.” He has discovered a way to turn a common type of computing error — called a null pointer dereferencing error — into something far more dangerous than previously thought. Researchers have known for years how to create these flaws, which occur when the computer tells a program that the part of memory that it’s looking for is invalid, or “null.”
Above excerpts from C|Net and Network World. Links to full articles here:
Q: So what can we do to prevent such attacks on these devices today?
A1: Use a defense-in-depth strategy. Protect yourself as though your home router has already been compromised. This means running firewall software on every home computer and keeping your anti-virus and anti-spyware software up to date. Consider putting an additional firewall (from a different manufacturer) in line with your first firewall (experts only).
A2: Know the make and model of your home router. Visit the manufacturer’s or service provider’s website and check whether there are updates that address this problem.