Study Shows Thousands of Consumer Internet Connectivity Devices Are Vulnerable to Attack

Oct 26, 2009
Columbia's Intrusion Detection Systems Lab, led by professor Salvatore J. Stolfo (center)

(PhysOrg.com) -- Following news reports that 65,000 modems and wireless routers used by Time Warner Cable customers are vulnerable to attack by hackers, a Columbia University expert on computer security and privacy has found that software flaws in embedded devices like routers, webcams and Voice over Internet Protocol (VoIP) phone adapters are far more widespread than previously known.

Salvatore J. Stolfo, a computer science professor and director of the Intrusion Detection Systems Lab at Columbia’s Fu Foundation School of Engineering and Applied Science, presented “Brave New World: Pervasive Insecurity of Embedded Network Devices” at a conference in France last month.

In the paper, co-authored by graduate students Ang Cui, Yingbo Song and Pratap V. Prabhu, Stolfo recounts how he and his team scanned thousands of consumer and business devices around the world and found that a high proportion of them were unprotected. Their ongoing research began in December 2008.

“Many thousands of unsuspecting people world-wide have this problem,” says Stolfo. “Many of these devices are easy targets for just about anyone with mal-intent. One can ‘log in’ to your home router and plant software in it, much like a virus, and record your network traffic or alter it; record phone conversations, or do just about anything nasty one can imagine.”

While scanning devices in North America, Europe and Asia, Stolfo found that certain types of consumer devices publicly accessible over the Internet have vulnerability rates as high as 41.62 percent. Among VoIP phones, the vulnerability rate was one in five. He and his colleagues, through an outside group, are contacting the Internet service providers who supply connectivity to those vulnerable devices. The ISPs, in turn, will warn the customers. An additional step may involve alerting vendors of the devices.

Like PCs, embedded devices contain software. This software is used to route messages in and out of one’s home or office. Vulnerability is introduced into the device when users fail to properly configure it before plugging it in. To protect themselves, consumers need only read their instruction manual and follow the directions telling them how to go online and set up their machine so no one can break into it.

Provided by The Earth Institute at Columbia University (news : web)

Explore further: Computer scientists can predict the price of Bitcoin

add to favorites email to friend print save as pdf

Related Stories

Netgear to help Internet subscribers measure use

Jul 20, 2009

(AP) -- How many gigabytes do you consume per month? Not many people can answer that question, complicating the efforts of Internet service providers to get their subscribers to stay below a certain amount of data per month. ...

Netgear Routers to Add QoS for Home Video Streaming

May 08, 2007

In June, Netgear plans to add quality-of-service (QoS) enhancements to its top-of-the-line RangeMAX 802.11n routers to improve the quality of home video, a source close to the company said.

PC Chip Will Protect Users From Hackers and Viruses

Sep 16, 2004

IBM First PC Manufacturer to Equip Its Desktop PCs with New Security Technology From National Semiconductor National Semiconductor today introduced two SafeKeeper™ Trusted Input/Output (I/O) devices, new hardware produ ...

Microsoft Partners Announce New Phones, Devices

May 14, 2007

Microsoft will use its Windows Hardware Engineering Conference to announce 15 new phones and devices that work with its unified communications software from nine of its partners.

Recommended for you

Government ups air bag warning to 7.8M vehicles

39 minutes ago

The U.S. government is adding more than 3 million vehicles to a rare warning about faulty air bags that have the potential to kill or injure drivers or passengers in a crash.

Fighting cyber-crime one app at a time

1 hour ago

This summer Victoria University of Wellington will be home to four Singaporean students researching cyber threats. The students have been working with Dr Ian Welch, a lecturer in Victoria's School of Engineering and Computer ...

Using sound to picture the world in a new way

1 hour ago

Have you ever thought about using acoustics to collect data? The EAR-IT project has explored this possibility with various pioneering applications that impact on our daily lives. Monitoring traffic density ...

User comments : 0