12 million homes and business routers vulnerable to remote attack

It may be Christmas time for most of us, and we may get a chance to put our feet up and relax. For hackers, however, it’s business as usual. According to security software company Check Point, hackers aren’t particularly keen on bringing any festive cheer to households and businesses: they’re much happier exploiting loopholes and stealing information. So what’s the latest cause of concern for the security industry? Well, according to Check Point, its researchers have discovered a critical software bug that can be exploited by hackers to remotely monitor users’ traffic and take administrative control over routers produced by many different manufacturers. Check Point estimates that this critical software bug could leave more than 12 million homes and businesses around the world vulnerable to remote attack by determined hackers.

Check Point found that the critical vulnerability actually resides in the embedded web server “RomPager”, made by a company known as AllegroSoft. Unfortunately the vulnerable code is built into the firmware of routers, modems and other “gateway devices” from just about every leading manufacturer (the HTTP server provides the user-friendly web interface for configuring the products). Check Point’s researchers found that old RomPager versions, up to and including 4.34, are affected by a critical bug, which has been dubbed Misfortune Cookie — so called because it allows attackers to control the ‘fortune’ of an HTTP request by manipulating cookies.

Check Point says the vulnerability, tracked as CVE-2014-9222 in the Common Vulnerabilities and Exposures database, can be exploited by sending a single specifically crafted request to the affected RomPager server, corrupting the gateway device’s memory. This would then give the hacker administrative control over the device and allow the attacker to target any other device on that network.

According to Shahar Tal, Check Point’s malware and vulnerability research manager:

“Attackers can send specially crafted HTTP cookies [to the gateway] that exploit the vulnerability to corrupt memory and alter the application and system state. This, in effect, can trick the attacked device to treat the current session with administrative privileges – to the misfortune of the device owner.”

Check Point believes that once attackers have gained control of the device, they could monitor a victim’s web browsing, read plaintext traffic travelling over the device, change sensitive DNS settings, steal account passwords and sensitive data, and monitor or control webcams, computers or other network-connected devices.

So which major router and gateway brands does Check Point believe to be vulnerable? Well, the firm believes at least 200 different models of gateway devices and small office/home office (SOHO) routers from various manufacturers and brands are vulnerable to Misfortune Cookie, including devices from D-Link, Edimax, Huawei, TP-Link, ZTE and ZyXEL.

The reason Check Point is so concerned is that the bug affects not only routers, modems and other gateway devices, but also anything connected to them, from PCs, smartphones, tablets and printers right up to “smart home” devices like toasters, refrigerators and security cameras. The problem is that if a vulnerable router is compromised, then all the networked devices within that LAN are also at risk. What’s more, the Misfortune Cookie flaw can be exploited by an attacker from anywhere in the world, even if the gateway device is not configured to expose its built-in web-based administration interface to the wider Internet. That makes the vulnerability more dangerous. According to Shahar Tal:

“We [Check Point] believe that devices exposing RomPager services with versions before 4.34 (and specifically 4.07) are vulnerable. Note that some vendor firmware updates may patch RomPager to fix Misfortune Cookie without changing the displayed version number, invalidating this as an indicator of vulnerability.”

“Misfortune Cookie is a serious vulnerability present in millions of homes and small businesses around the world, and if left undetected and unguarded, could allow hackers to not only steal personal data, but control peoples’ homes.”
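For an administrator who has to find affected gateways across an estate, the practical first step is an inventory of which devices advertise RomPager and at what version. The script below is an added example, not code from Check Point, Krypsys or the article; it parses the HTTP `Server` header a gateway returns and flags versions before 4.34, the threshold given in Check Point’s statement above. The hostnames and banners are constructed sample data. It deliberately reports a banner-based result only: as Check Point notes, a vendor may patch RomPager without changing the displayed version, so a flagged device needs confirming against the vendor’s advisory, and an unflagged one is not proof of safety.

```python
"""Inventory check for RomPager banners (added example, not Check Point's
or Krypsys's code). Parses the HTTP Server header an embedded web server
returns and flags RomPager versions before 4.34, the threshold Check Point
gave for Misfortune Cookie. The version number is only an indicator:
vendors may patch without bumping it, so confirm flagged devices against
the vendor advisory and do not treat an unflagged banner as proof of safety."""
import re
from typing import Dict, Iterable, Optional, Tuple

# Version from which Check Point considers RomPager fixed (from the article).
FIXED_VERSION: Tuple[int, int] = (4, 34)

# Matches e.g. "RomPager/4.07" inside a Server header such as
# "RomPager/4.07 UPnP/1.0"; the product token is matched case-insensitively.
_ROMPAGER_RE = re.compile(r"\bRomPager/(\d+)\.(\d+)", re.IGNORECASE)


def parse_rompager_version(server_header: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) if the header advertises RomPager, else None."""
    m = _ROMPAGER_RE.search(server_header or "")
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def assess_banner(server_header: str) -> str:
    """Classify one Server header for a gateway inventory.

    Returns one of:
      'not-rompager'        - a different (or absent) web server
      'version-at-risk'     - RomPager before 4.34; confirm with vendor advisory
      'version-not-flagged' - RomPager 4.34 or later by banner; still verify,
                              since the banner alone is not a guarantee
    """
    version = parse_rompager_version(server_header)
    if version is None:
        return "not-rompager"
    if version < FIXED_VERSION:
        return "version-at-risk"
    return "version-not-flagged"


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Apply assess_banner to (host, server_header) pairs; returns host -> status."""
    return {host: assess_banner(header) for host, header in inventory}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE_INVENTORY = [
    ("gw-branch-01.example", "RomPager/4.07 UPnP/1.0"),
    ("gw-branch-02.example", "RomPager/4.34 UPnP/1.0"),
    ("gw-branch-03.example", "RomPager/4.51 UPnP/1.0"),
    ("gw-branch-04.example", "Apache/2.2.22 (Unix)"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:24} {status}")
```

In practice the `Server` headers would come from a scan of your own gateways’ management interfaces; the result is a worklist to reconcile with each vendor’s firmware advisory, not a verdict on its own.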

If you are concerned about the escalating security challenges and risk management issues facing your business today and would like to take precautions, then why not speak to Krypsys? Krypsys’ services are focused on helping your business assess its security posture against current and evolving security threats and educating you on the risks to which you are exposed. We have a wealth of experience in security projects in both the public and private sectors and have worked with organisations to protect high value information assets such as trading platforms, e-commerce systems, data-centres and cloud services. We also work with leading IT security vendors and specialist consultancies to close the gaps in your own IT security strategy and to assist in streamlining and prioritising your risk management spending.

Whether you’re looking for help with penetration testing and security reviews, or are looking for advice on security compliance and web security solutions, Krypsys can help you. For more information on web security consulting, please contact Krypsys on 01273 044072 or [email protected].