Jump to content

PSA:12 million home / business routers vulnerable to hijacking ( misfortune cookie)

ahhming
 Share
Posted

Dub the "Misfortune Cookie", it is a critical vulnerability that allows an intruder to remotely take

over a residential gateway device and use it to attack the devices connected to it.

The vulnerability resides in "RomPager" software, embedded into the residential gateway devices, made by a company known as AllegroSoft. Versions of RomPager prior to 4.34 contain a critical bug that allows attackers to send simple HTTP cookie files that corrupt device memory and hand over administrative control. Attackers can use that control to read plaintext traffic traveling over the device and possibly take other actions, including changing sensitive DNS settings and monitoring or controling Web cams, computers, or other connected devices.

To date, researchers have distinctly detected at least 12 million readily exploitable devices connected to the Internet present in 189 countries across the globe, making this one of the most widespread vulnerabilities revealed in recent years. Manufacturers affected included Linksys, D-Link, Edimax, Huawei, TP-Link, ZTE, and ZyXEL.

The risk stemming from the vulnerability goes well beyond attackers being able to monitor unencrypted data. It also includes attackers using a hijacked router to infect connected computers and Internet-of-things devices. Normally, routers act as a firewall that filters out such remote attacks. In the event it's affected by the Misfortune Cookie bug, they could become beachheads for attacking the rest of a local network.

List of affected model :

http://mis.fortunecook.ie/misfortune-cookie-suspected-vulnerable.pdf

Source:

http://mis.fortunecook.ie/misfortune-cookie-suspected-vulnerable.pdf

http://arstechnica.com/security/2014/12/12-million-home-and-business-routers-vulnerable-to-critical-hijacking-hack/

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

News like this shouldnt even matter anymore.

 

If someone's going to hack you. They will regardless of what protection you have.

thats about the gist of the internet isnt it, its definately a wild west show. still this sucks

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Fortunately my model isn't on there, but quite a few popular D-Link ones are.

 

 

News like this shouldnt even matter anymore.

 

If someone's going to hack you. They will regardless of what protection you have.

That's... a really terrible attitude you have. I sincerely hope you're never in charge of any network security.

 

That's like saying we shouldn't have laws about murdering someone, because if they want to kill your ass, you're dead.

 

Sure, a dedicated hacker will likely find a way around, but you shouldn't be inviting them in with blatant security flaws.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Fortunately my model isn't on there, but quite a few popular D-Link ones are.

 

 

That's... a really terrible attitude you have. I sincerely hope you're never in charge of any network security.

 

That's like saying we shouldn't have laws about murdering someone, because if they want to kill your ass, you're dead.

 

Sure, a dedicated hacker will likely find a way around, but you shouldn't be inviting them in with blatant security flaws.

Not what i meant. Its just nothing new that there are flaws in stuff. 

 

There will always be flaws, so yes, people should fine them, but no one should really be surprised. 

Awesome Wallpapers made by yours truly! | TECH THEMED WALLPAPERS!

 

What happened to your profile picture and who is this Tanku Neko guy?

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Good my Dlink-615 isn't vulnerable.

  ﷲ   Muslim Member  ﷲ

KennyS and ScreaM are my role models in CSGO.

CPU: i3-4130 Motherboard: Gigabyte H81M-S2PH RAM: 8GB Kingston hyperx fury HDD: WD caviar black 1TB GPU: MSI 750TI twin frozr II Case: Aerocool Xpredator X3 PSU: Corsair RM650

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

News like this shouldnt even matter anymore.

 

If someone's going to hack you. They will regardless of what protection you have.

That might be true... but I want to make it as hard for them as possible to get at my home router to protect my data even if it is hours and hours of Twitch and You Tube videos.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

DD-wrt/open-WRT/tomato ftw.

 

never had a problem with these other than the bash bug a few months ago.

"If a Lobster is a fish because it moves by jumping, then a kangaroo is a bird" - Admiral Paulo de Castro Moreira da Silva

"There is nothing more difficult than fixing something that isn't all the way broken yet." - Author Unknown

Spoiler

Intel Core i7-3960X @ 4.6 GHz - Asus P9X79WS/IPMI - 12GB DDR3-1600 quad-channel - EVGA GTX 1080ti SC - Fractal Design Define R5 - 500GB Crucial MX200 - NH-D15 - Logitech G710+ - Mionix Naos 7000 - Sennheiser PC350 w/Topping VX-1

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Tech News

×