Tripwire researchers have found that organizations using Ruckus internet routers may be at risk of compromise, particularly when the access points are used to provide customers with Wi-Fi access. IT security experts from ESET and Lieberman Software commented below.
Mark James, Security Specialist at ESET:
“The need to keep costs down to continue to sell products into a saturated market will of course lead to shortcuts and may even include substandard parts. The electronics industry is no different to any other, at one time purchasing a nice shiny electronic device would bring years of enjoyment but quite often these days that’s short-lived. We live in a throwaway era, the price is often so low on some goods we factor in our expectance that it will most probably need to be replaced within 18-20 months but just because the price is low does not mean its security needs to be compromised.
Most modern day setups at home these days will involve a router or ADSL/cable modem forcing all traffic intended for the internet to pass through it. This in effect creates a single point of opportunity if someone wants to steal or spy on that info so surely that should be our strongest point? Sadly No. the firmware or software used to control these devices may come with all manner of vulnerabilities enabling an attacker to sit quietly on these devices (man-in-the-middle) doing as they please. With all the hype around these types of attacks manufacturers need to step up and ensure their devices are safe, upgradeable and more importantly ensure they clearly inform users in the dangers of changing default passwords and maintaining firmware updates. These devices are often purchased, configured and then placed in a corner gathering dust never to be touched again.”
Jonathan Sander, VP of Product Strategy at Lieberman Software:
“It would be very nice to say the poor security results in this enterprise network device testing by Tripwire were an outlier, but the sad truth is that poor security is the norm. The reason why is simple – the market doesn’t demand security as part of quality. Just like it took Nader and a huge consumer push to get auto manufacturers to take safety seriously, the only way technology companies will take our data safety seriously is if there is an immense focus on this by a majority of buyers. Until buyers unite and demand that penetration testing becomes part of standard quality assurance testing, technology makers will naturally do the least effort to ensure maximum profit.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.