Sign In

Communications of the ACM

ACM TechNews

Scan of Internet ­ncovers Thousands of Vulnerable Embedded Devices

View as: Print Mobile App Share:
Linksys router vulnerability rate

Linksys router vulnerability rate

Credit: Wired News

A scan of the Internet by Columbia University researchers searching for vulnerable embedded devices has found that nearly 21,000 routers, Webcams, and VoIP products are vulnerable to remote attack. They say there could be as many as 6 million vulnerable devices on the Internet. The scan also found that the devices' administrative interfaces are viewable from anywhere on the Internet, and their owners have not changed the devices' passwords from the manufacturer's default.

The study scanned networks belonging to the largest Internet service providers (ISPs) in North America, Europe, and Asia, and vulnerable devices were found in significant numbers in all parts of the world. Since starting the project last December, the researchers have scanned 130 million IP addresses and found nearly 300,000 devices whose administrative interfaces were remotely accessible from anywhere on the Internet. Devices with default passwords are most vulnerable, but others are theoretically vulnerable to brute-force password-cracking attacks.

The researchers have provided ISPs with their findings, but Columbia professor Salvatore Stolfo says product manufacturers are the real culprits. He says that they need to hide their administrative interfaces by default and give customers clear instructions on how to alter the configuration to protect themselves. Stolfo also says that vendors should be more vocal in encouraging customers to change default passwords.

From Wired News
View Full Article


Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account