Emerald Business Systems Blog

Scan of Internet Uncovers Thousands of Vulnerable Embedded Devices

Posted in General Business,Online Business,Security by ebs4pos on October 24, 2009

Researchers scanning the internet for vulnerable embedded devices have found nearly 21,000 routers, webcams and VoIP products open to remote attack. Their administrative interfaces are viewable from anywhere on the internet and their owners have failed to change the manufacturer’s default password.

Linksys routers had the highest percent of vulnerable devices found in the United States — 45 percent of 2,729 routers that were publicly accessible still had a default password in place. Polycom VoIP units came in second, with default passwords lingering on about 29 percent of 585 devices accessible over the internet.

“You can reflash the firmware or install any software you wish on vulnerable devices,” said Salvatore Stolfo, a Columbia University computer science professor who is overseeing the research project aimed at uncovering vulnerable appliances on the internet. “These devices will be owned and used by bot herders and other miscreants.”

Hackers can use vulnerable routers to conduct click fraud or DNS cache poisoning attacks or to launch attacks on other systems. (See our recent Threat Level story about vulnerable routers used by Time Warner customers.) Someone with remote access to the administrative interface of a VoIP system would also be able to install firmware to record conversations.

via Scan of Internet Uncovers Thousands of Vulnerable Embedded Devices | Threat Level | Wired.com.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: