An estimated 50% of home internet users are at risk from a bug affecting their routers.
The so-called Misfortune Cookie vulnerability uncovered by researchers from Check Point’s malware and vulnerability research group has been described as a severe vulnerability that allows an attacker to remotely take over the device.
The affected software is the embedded web server RomPager from AllegroSoft, which is typically embedded in the firmware released with router and gateway devices.
Check Point Software Technologies has estimated there are approximately 12 million readily exploitable unique devices connected to the internet present in 189 countries across the globe, making this one of the most widespread vulnerabilities revealed in recent years. Research suggests the true number of affected devices may be even greater.
In April 2014, telecoms software firm Nominum warned 24 million routers around the world could be used by cyber criminals to launch massive distributed denial-of-service attacks.
This latest vulnerability affects embedded software in the router’s firmware.
According to Check Point, a vulnerable internet gateway device would affect any device connected to the user’s network, including computers, phones, tablets, printers, security cameras and other devices.
“Misfortune Cookie is a serious vulnerability present in millions of homes and small businesses around the world and, if left undetected and unguarded, could allow hackers to not only steal personal data, but control peoples’ homes,” said Check Point Software Technologies malware and vulnerability research manager Shahar Tal.
Attackers can use vulnerability to steal data
Check Point said an attacker exploiting the Misfortune Cookie vulnerability would be able to monitor the user’s internet connection, steal credentials and personal or business data, or attempt to infect other machines on the network with malware.
According to Check Point, at least 200 models of devices from various manufacturers and brands currently expose a vulnerable service on the public internet address space. The majority of these devices are residential gateways. The list includes models by D-Link, Edimax, Huawei, TP-Link, ZTE, and ZyXEL, among others.
Check Point said: “We suspect the source for inclusion of the vulnerable piece of software is a common chipset software development kit (distributed to the different manufacturers), however this cannot be confirmed at this point.”
Check Point has recommended consumers and small businesses install an additional firewall, such as ZoneAlarm. Advanced users and IT administrators should check if their router manufacturer has issued a firmware update.