Check Point releases Misfortune Cookie findings
Researchers in Check Point's Malware and Vulnerability Research Group uncovered a vulnerability that is present in millions of residential gateway (SOHO router) devices from different models and makers. It has been assigned the CVE-2014-9222 identifier. This severe vulnerability allows an attacker to take over a gateway device remotely, with administrative privileges.
To date, researchers have distinctly detected at least 12 million readily exploitable devices connected to the internet across the globe, making this one of the most widespread vulnerabilities revealed in recent years.
Key findings:
If undiscovered, an attacker could take control of millions of routers around the world, and use that access to control and steal data from the wired and wireless devices connected to the network;
The affected software is the embedded web server RomPager from AllegroSoft, which is typically embedded in the firmware released with devices; and
"Misfortune Cookie is a serious vulnerability present in millions of homes and small businesses around the world, and, if left undetected and unguarded, could allow hackers not only to steal personal data, but control peoples' homes," said Shahar Tal, Malware and Vulnerability Research Manager of Check Point Software Technologies. "At Check Point, we are dedicated to protecting the internet and its users by staying ahead of attackers. Our Malware and Vulnerability Research Group remains focused on uncovering security flaws and developing the necessary real-time protections to secure the internet."
For more information about Misfortune Cookie, affected devices, and how consumers and businesses can protect themselves from this vulnerability, go to mis.fortunecook.ie.
Check Point's Malware and Vulnerability Research Group regularly performs assessments of common software to ensure the security of internet users worldwide.
For more, go to www.checkpoint.com/threatcloud-central