Skip to main content
https://www.highperformancecpmgate.com/rgeesizw1?key=a9d7b2ab045c91688419e8e18a006621

A ton of Ruckus Wireless routers are vulnerable to hackers

A security researcher has found several vulnerabilities in a number of Ruckus Wireless routers, which the networking giant has since patched.

Gal Zror told TechCrunch that the vulnerabilities he found lie inside in the web user interface software that runs on the company’s Unleashed line of routers.

The flaws can be exploited without needing a router’s password, and can be used to take complete control of affected routers from over the internet.

Routers act as a gateway between a home or office network and the wider internet. Routers are also a major line of defense against unauthorized access to that network. But routers can be a single point of failure. If attackers find and take advantage of vulnerabilities in the router’s software, they can control the device and gain access to the wider internal network, exposing computers and other devices to hacks and data theft.

Zror said his three vulnerabilities can be used to to gain “root” privileges on the router — the highest level of access — allowing the attacker unfettered access to the device and the network.

Although the three vulnerabilities vary by difficulty to exploit, the easiest of the vulnerabilities uses just a single line of code, Zror said.

With complete control of a router, an attacker can see all of the network’s unencrypted internet traffic. An attacker can also silently re-route traffic from users on the network to malicious pages that are designed to steal usernames and passwords.

Zror said that because many of the router are accessible from the internet, they make “very good candidates for botnets” That’s when an attacker forcibly enlists a vulnerable router — or any other internet-connected device — into its own distributed network, controlled by a malicious actor, which can be collectively told to pummel websites and other networks with massive amounts of junk traffic, knocking them offline.

There are “thousands” of vulnerable Ruckus routers on the internet, said Zror. He revealed his findings at the annual Chaos Communication Congress conference in Germany.

Ruckus told TechCrunch it fixed the vulnerabilities in the 200.7.10.202.92 software update, but said that customers have to update their vulnerable devices themselves.

“By design our devices do not fetch and install software automatically to ensure our customers can manage their networks appropriately,” said Ruckus spokesperson Aharon Etengoff. “We are strongly advising our customers and partners to deploy the latest firmware releases as soon as possible to mitigate these vulnerabilities,” he said.

Ruckus confirmed its SmartZone-enabled devices and Ruckus Cloud access points are not vulnerable.

“It’s very important for the customers to know that if they’re running an old version [of the software], they might be super vulnerable to this very simple attack,” said Zror.

The sinkhole that saved the internet

Comments

Post a Comment

Popular posts from this blog

Uber co-founder Garrett Camp steps back from board director role

Uber co-founder Garrett Camp is relinquishing his role as a board director and switching to board observer — where he says he’ll focus on product strategy for the ride hailing giant. Camp made the announcement in a short Medium post in which he writes of his decade at Uber: “I’ve learned a lot, and realized that I’m most helpful when focused on product strategy & design, and this is where I’d like to focus going forward.” “I will continue to work with Dara [Khosrowshahi, Uber CEO] and the product and technology leadership teams to brainstorm new ideas, iterate on plans and designs, and continue to innovate at scale,” he adds. “We have a strong and diverse team in place, and I’m confident everyone will navigate well during these turbulent times.” The Canadian billionaire entrepreneur signs off by saying he’s looking forward to helping Uber “brainstorm the next big idea”. Camp hasn’t been short of ideas over his career in tech. He’s the co-founder of the web 2.0 recommendatio
Post a Comment
Read more

Drone crash near kids leads Swiss Post and Matternet to suspend autonomous deliveries

A serious crash by a delivery drone in Switzerland have grounded the fleet and put a partnership on ice. Within a stone’s throw of a school, the incident raised grim possibilities for the possibilities of catastrophic failure of payload-bearing autonomous aerial vehicles. The drones were operated by Matternet as part of a partnership with the Swiss Post (i.e. the postal service), which was using the craft to dispatch lab samples from one medical center for priority cases. As far as potential applications of drone delivery, it’s a home run — but twice now the craft have crashed, first with a soft landing and the second time a very hard one. The first incident, in January, was the result of a GPS hardware error; the drone entered a planned failback state and deployed its emergency parachute, falling slowly to the ground. Measures were taken to improve the GPS systems. The second failure in May, however, led to the drone attempting to deploy its parachute again, only to sever the line
Post a Comment
Read more

ProtonMail logged IP address of French activist after order by Swiss authorities

ProtonMail , a hosted email service with a focus on end-to-end encrypted communications, has been facing criticism after a police report showed that French authorities managed to obtain the IP address of a French activist who was using the online service. The company has communicated widely about the incident, stating that it doesn’t log IP addresses by default and it only complies with local regulation — in that case Swiss law. While ProtonMail didn’t cooperate with French authorities, French police sent a request to Swiss police via Europol to force the company to obtain the IP address of one of its users. For the past year, a group of people have taken over a handful of commercial premises and apartments near Place Sainte Marthe in Paris. They want to fight against gentrification, real estate speculation, Airbnb and high-end restaurants. While it started as a local conflict, it quickly became a symbolic campaign. They attracted newspaper headlines when they started occupying prem
Post a Comment
Read more