Thousands of routers, modems, IP cameras, VoIP phones and other embedded devices share the same hard-coded SSH host keys or HTTPS server certificates.
An analysis of hundreds of publicly available firmware images for routers, DSL modems, VoIP phones, IP cameras and other embedded devices uncovered high-risk vulnerabilities in a significant number of them.
Several DSL routers from different manufacturers contain a guessable hard-coded password that allows accessing the devices with a hidden administrator account.
Some of the vulnerabilities could allow attackers to take over the affected devices.
Tens of routers and other embedded devices from various manufacturers likely have the flaw, security researchers said.
The devices have serious flaws that enable unauthorized remote access and DNS hijacking, a researcher found
The vulnerability allows attackers to extract admin passwords and wireless network keys
In the wake of revelations about eavesdropping Samsung and LG smart TVs, don't forget the wide world of HTPC options available.
Researchers will compete to exploit previously unknown vulnerabilities in popular home routers.
Attacks are likely to continue and manufacturers are largely unprepared to respond, security researchers say
The latest firmware for some Philips smart TVs opens an insecure Miracast wireless network by default, security researchers from ReVuln said.
Although cyberattacks caused just 6 percent of significant outages of public electronic communications networks and services in the E.U. last year, they affected more people than hardware failure, a much more common factor in service disruptions, according to a report from the European Union Agency for Network and Information Security (ENISA).
The hacker group calling itself the Syrian Electronic Army (SEA) broke into the customer support website for Viber, an instant messaging and Voice-over-Internet-Protocol (VoIP) application available for both mobile and desktop operating systems.
Thousands of wireless IP cameras connected to the Internet have serious security weaknesses that allow attackers to hijack them and alter their firmware, according to two researchers from security firm Qualys.
Financial malware authors are trying to evade new online banking security systems by returning to more traditional phishing-like credential stealing techniques, according to researchers from security firm Trusteer.
Articles by Lucian ConstantinNext Page