News has broken that up to 400,000 customers were at risk from a critical flaw that could have given an attacker control over their home Wi-Fi network. IT security experts commented below.
Christopher Littlejohns, EMEA Engineer at Synopsys:
“What is not revealed in most of the reporting of this issue is that the vulnerability detected is one of the most common and easily exploited issues in many internet devices; i.e. hard coded credentials for privileged accounts.
“In this particular case, root access – hence the ability to take over the device and use it for many nefarious purposes. These types of issues arise out of poor or absent requirements, secure software development policies, development practices and verification approaches. These days, it is usually quite simple to detect and fix this type of vulnerability during the development stage of the software, typically using human code reviews and automated solutions such as Static Analysis (SAST).
“Unfortunately product developers have a great deal to do to apply the best practices both in the development of new products and in detecting legacy product issues which have their origin in code that may have been developed many years ago. There is clearly a vast amount of vulnerable software in legacy products created well before the current level of criminality targeting connected devices. It will take many years for organisations to pay off this debt, in fact it is more likely that the devices become obsolete and are discarded than the security holes in them are fixed during their useful lifetime.”
James Brown, Global Vice President, Technology Solutions at Alert Logic:
“The home router; the backdoor someone else left open… This has been an issue before, and this will not be the last time. Any form of widely distributed device or software is likely to be a target for hackers. It allows them to target the maximum number of people with the minimum amount of work. In this case, it has created an open backdoor in a large number of households, allowing the attackers to eavesdrop on the network. That could be your credit card details as you shop online, your banking credentials as you check your account or even access to your company data if you are working from home.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security