October 5th, 2015
Misfortune Cookie affects Millions of Routers
Researchers at Check Point, a security company, had discovered a serious security vulnerability that affects at least 12 million branded home and small-business routers that appears to have gone undetected for over ten years. Dubbed the ‘Misfortune Cookie’ flaw, Check Point plans to give a detailed account of the issue at a future security conference. It has been assigned the CVE-2014-9222 identifier. This severe vulnerability allows an attacker to remotely take over the device with administrative privileges.
The good news is that no real-world attacks using it have yet been detected, but the bad news is that it is a matter of time before malicious hackers discover it and allows them to remotely take over your router/network device with administrative privileges with potential disastrous outcome. If your gateway/router device is vulnerable, then any device connected to it including computers, phones, tablets, printers, security cameras, refrigerators, toasters or any other networked device in your home or office network – may have increased risk of compromise. An attacker exploiting the Misfortune Cookie vulnerability can easily monitor your Internet connection, steal your credentials and personal or business data, attempt to infect your machines with malware.
For more information, you may visit the following website from checkpoint http://mis.fortunecook.ie/ to see whether your router is among the affected devices and see if your device vendor provides firmware updates to address the Misfortune Cookie. Then apply the update as it is released. If all fails, you may wish to consider even switching to a non-vulnerable model or brand.