New vulnerability puts home routers, other devices at even higher risk

Bookmark This (opens in new window)

Software that runs home routers, cell phones and personal digital assistants is rife with security bugs.

Barnaby Jack, a Juniper Networks security researcher, gave a tutorial at the CanSecWest conference here on how bug hunters can find exploitable vulnerabilities in such devices and demonstrated an attack on a D-Link router using a yet-to-be-patched hole.

“Security flaws are abundant on these devices,” Jack said. “Security needs to reach further than a home PC. Insecure devices pose a threat to the entire network. Hardware vendors must take security into consideration.” He has discovered a way to turn a common type of computing error — called a null pointer dereferencing error — into something far more dangerous than previously thought. Researchers have known for years how to create these flaws, which occur when the computer tells a program that the part of memory that it’s looking for is invalid, or “null.”

Jack’s null pointer exploit is effective on the Arm and xScale processors that are widely used in embedded devices, but it does not work on Intel architecture processors used by PCs.

Above excerpts from C|Net and Network World. Links to full articles here:

http://www.networkworld.com/news/2007/041907-new-attack-puts-routers-cell.html?page=1

http://news.com.com/Bug+hunter+targets+routers%2C+other+gadgets/2100-1002_3-6177754.html

Q: So what can we do to prevent such attacks on these devices today?

A1: Utilize a defense-in-depth strategy. Protect yourself as though your home router has already been compromised. This means putting firewall software on every home computer. Make sure your anti-virus and anti-spyware software are up-to-date. Consider putting an additional firewall (from a different manufacturer) inline with your first firewall (experts only).

A2: Know your make and model of home router. Visit the manufacturer’s or service provider’s website and see if there are updates that address this problem.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s