Another massive internet vulnerability!
The “Misfortune Cookie” (CVE-2014-9222), a vulnerability affecting 12 million home/consumer-level routers across 189 countries, has been detected. This is something that largely affects home user and small-and-medium enterprise (SME) environments. But first, an announcement:
Cimpl IS NOT VULNERABLE TO THE MISFORTUNE COOKIE!
Vincent Parisien, VP of Technology, had this to say: “Cimpl is not vulnerable to the Misfortune Cookie. As with all the other major internet vulnerabilities of 2014, our company has been consistently secure against online threats. We always take security seriously, and I’m happy to announce that the Misfortune Cookie poses no danger to any of our products and services.”
What are the risks?
This vulnerability could allow an intruder to remotely take over a residential gateway router and use it to attack all other devices linked to it. This is what a hacker can do with the Misfortune Cookie:
- Monitor your internet connection;
- Steal your credentials;
- Steal your personal or business data; and
- Infect your machines with malware!
Find out if your router is at risk! Here’s the list of devices known to be vulnerable: http://mis.fortunecook.ie/misfortune-cookie-suspected-vulnerable.pdf
If your router is on this list, check the manufacturer’s website right away to get the most recent firmware! It’s important to find this out because if your router’s vulnerable, then anything connected to it is at risk:
- Security cameras
- Smart TVs
- Basically, any networked device!
What exactly is the Misfortune Cookie vulnerability?
The vulnerability is in the web server RomPager from Allegrosoft. RomPager is the most popular web server software in the world and is embedded in the software of at least 200 different models of routers. RomPager is typically used by consumers to configure their routers as part of the setup process (and later for troubleshooting, should that become necessary). Router manufacturers with vulnerable products include D-Link, Edimax, Huawei, TP-Link, ZTE, and ZyXEL, among others.
As you can see, it’s a big list of affected manufacturers, and it pretty much means that if you have wireless internet at home or at the office (of a small or medium-sized enterprise), you’re very likely to be at risk.
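Because the flaw sits in the router's embedded web server, one practical inventory check is to look at the Server header your own devices return on their admin page. The sketch below is an added example, not code from Cimpl or any router vendor; the sample responses, the version numbers in them and the `fixed_in` parameter are constructed assumptions (this article gives no fixed version, so take that value from your vendor's advisory).

```python
import re

# Constructed sample responses for illustration; not captured from real devices.
SAMPLE_RESPONSES = {
    "gateway": b"HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"router\"\r\n"
               b"server: RomPager/1.10 UPnP/1.0\r\nContent-Length: 0\r\n\r\n",
    "camera": b"HTTP/1.0 200 OK\r\nServer: ExampleHTTPd/2.3\r\n\r\n<html></html>",
    "bridge": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}

# Matches "RomPager" with an optional "/major.minor" version token.
ROMPAGER = re.compile(r"\bRomPager(?:/(\d+(?:\.\d+)*))?", re.IGNORECASE)


def server_header(raw):
    """Return the Server header value from a raw HTTP response, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":  # header names are case-insensitive
            return value.strip()
    return None


def classify(raw, fixed_in=None):
    """Return (label, version) for one response.

    fixed_in is an assumption supplied by the caller from the vendor's advisory.
    """
    banner = server_header(raw)
    if banner is None:
        return "no-banner", None  # not proof of safety: vendors can hide the banner
    match = ROMPAGER.search(banner)
    if not match:
        return "other", None
    version = match.group(1)
    if fixed_in and version:
        parts = lambda v: tuple(int(p) for p in v.split("."))  # compare numerically
        if parts(version) < parts(fixed_in):
            return "rompager-below-fixed", version
    return "rompager", version


def inventory(responses, fixed_in=None):
    """Classify every device in a {name: raw_response} mapping."""
    return {name: classify(raw, fixed_in) for name, raw in responses.items()}
```

Any device labelled "rompager" is worth checking against the vendor's firmware notes; a "no-banner" result settles nothing either way.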
How can I tell if I’ve been hacked using the Misfortune Cookie?
Now, the list above might not cover all affected devices. You’re definitely at heightened risk if you have one of these devices, but even if your router isn’t on the list, you could still be impacted. Sadly, an attack carried out via the Misfortune Cookie leaves no log. What you’d look for are more general “symptoms”, such as:
- An inability to log in to the router’s web interface
- Device settings that were changed, but not by you!
And obviously, if you’ve been a recent victim of identity fraud and/or see crazy online purchases that you didn’t make, the Misfortune Cookie is an additional suspect…
What can I do to protect against the vulnerability?
Several key tips:
- Above all else, work smarter and take your privacy seriously. Make sure that your devices, documents, and folders which contain sensitive information are password-protected. Use HTTPS connections to encrypt all your browser activity. What you should know, however, is that HTTPS won’t be useful if hackers have already compromised the router!
- Watch for firmware updates from your device vendor that are specifically geared toward plugging the Misfortune Cookie vulnerability, and apply the update as soon as it is released!
- If you can’t wait for the official firmware update and have a high level of technical skill, you may consider installing third-party alternative firmware in place of the official firmware. This will likely plug the Misfortune Cookie vulnerability, but you need to know that it will likely also void your vendor’s warranty!
- And if you have a vulnerable device but still want to keep on using it, you could buy a new, non-vulnerable router as your primary gateway and use the vulnerable one as a bridge only (since the security of the new device will block out the vulnerability). This is one way to keep from adding to the e-waste that’s flooding the world.
Now, you should note that all of this is just to address a vulnerability in what should only be a part of your overall network security. You really should have firewalls, anti-virus software, and freshly-updated operating systems at all times.
Some final words…
It’s been quite the year for major, world-spanning internet threats. Just in recent memory, millions of devices and services have been susceptible to the Heartbleed bug, the Shellshock bug, and the Poodlebleed bug, just to name a few. It’s unavoidable, really. The only thing that we can do is keep alert for any new threats that crop up.
If you need help to work smarter and stay informed about online threats (and other technology management challenges), contact us at Cimpl! We’re Canada’s leader in IT and telecom expense management, and we are always happy to help clients deal with security threats!