14 DAY TRIAL // Administrative control of about 12 million home and business routers from different vendors can be achieved by exploiting a recently discovered critical security bug researchers call Misfortune Cookie.
The vulnerability is severe because routers are the network gateway for a large number of devices in a household or an office, ranging from computers, mobile phones and printers to IP cameras, tablets, smart TVs and Internet of Things devices; they all connect to the router and can also be compromised.
The issue was resolved nine years ago, good code did not make it through
“An attacker exploiting the Misfortune Cookie vulnerability can easily monitor your Internet connection, steal your credentials and personal or business data, attempt to infect your machines with malware, and over-crisp your toast,” say the researchers at Check Point, who discovered the glitch.
The Misfortune Cookie vulnerability is easily exploitable, all the intruder has to do is send a specially crafted cookie to the public IP address of the device in order to take total control of it.
The glitch resides in the HTTP cookie management mechanism of the RomPager software embedded in the firmware of the routers. The software is developed by a company named AllegroSoft.
Researchers at Check Point say that the vulnerability was introduced in the code base in 2002. Ironically, AllegroSoft did their part of the job and fixed the error in their software in 2005, which was delivered to licensed manufacturers.
Unfortunately, due to a slow patching process, the corrected piece of code has not been adopted by all router vendors and vulnerable versions of RomPager are still included in the firmware.
By manipulating cookies, an attacker can determine the “fortune” of an HTTP request, hence the name of the vulnerability.
Popular router models are affected
The list of affected devices includes more than 200 models, according to the findings of the researchers, who scanned the Internet for exploitable devices and retrieved results from 189 countries.
The code from AllegroSoft is highly popular and has been included in firmware for D-Link, Edimax, Huawei, TP-Link, ZTE, and ZyXEL. However, the list shows other models, too.
In order to reduce the risks stemming from a potential exploitation of this weakness by a bad actor, the researchers recommend protecting sensitive documents with a password and trying to stay on an encrypted connection (HTTPS) when browsing the web.
At the moment, there isn’t much users can do to protect themselves until a patch is created for their router. Most of the times, the updates are not automatic, so it is advisable to check with increased frequency for the availability of a new router firmware.
