A scan of the Internet by Columbia University researchers searching for vulnerable embedded devices has found that nearly 21,000 routers, Webcams, and VoIP products are vulnerable to remote attack. They say there could be as many as 6 million vulnerable devices on the Internet. The scan also found that the devices' administrative interfaces are viewable from anywhere on the Internet, and their owners have not changed the devices' passwords from the manufacturer's default.
The study scanned networks belonging to the largest Internet service providers (ISPs) in North America, Europe, and Asia, and vulnerable devices were found in significant numbers in all parts of the world. Since starting the project last December, the researchers have scanned 130 million IP addresses and found nearly 300,000 devices whose administrative interfaces were remotely accessible from anywhere on the Internet. Devices with default passwords are most vulnerable, but others are theoretically vulnerable to brute-force password-cracking attacks.
The researchers have provided ISPs with their findings, but Columbia professor Salvatore Stolfo says product manufacturers are the real culprits. He says that they need to hide their administrative interfaces by default and give customers clear instructions on how to alter the configuration to protect themselves. Stolfo also says that vendors should be more vocal in encouraging customers to change default passwords.
From Wired News
View Full Article
Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA
No entries found