Well over a year ago, attention was brought to what would be a web security vulnerability of epic proportions, with the receipt of an email by a small software company. The email, sent by a computer security researcher, stated that a flaw in one of the software company’s programs was putting millions of people across the globe at risk of falling victim to being hacked.
Allegro Software Development Corp set their engineers to analyze the flaw in the program, which can help users access the controls of home Internet routers. Upon investigating, something very odd became apparent, this particular bug had been fixed 10 years prior. Yet here it was, continuing on in new devices.
The reason for this was a component maker had included the outdated 2002 version of the Allegro software with its chipset, and it had yet to be updated. These chips, specifically, are used in the making of more than 10 million devices by router makers. Router makers have responded by stating they weren’t aware the bug had been fixed by later versions of the software.
Problems with Computer Security
This particular instance shed a great deal of light on an ongoing security problem in computer security: It is difficult to fix bugs after they have been released and often gets overlooked completely. In order for this to be done, the creator must develop the fix, or “patch”. Once this is done, potentially millions of users need to be alerted, and are required to install the patch themselves, regardless of technical ability.
This creates vulnerabilities at many points. Patches often are not distributed, and when they are, users fail to install them or are unaware of the patch, meaning hackers are given a weak link to exploit.
The problem Allegro specifically had was that they were unable to apply the patch because they have no access to the effected devices. That being said, all the company can do is urge manufacturing companies to use the latest version of the software, but there is no way to require them to do so.
The Wall Street Journal conducted an experiment in an attempt to better understand the problem with routers and commissioned a computer researcher to test 20 well known Internet routers, all purchased within the last six months. It quickly became evident that a problem of great magnitude was upon as, as the following results were revealed:
These findings align nicely with those of another investigation done by a former researcher at Check Point Software Technologies Ltd., who was also responsible for finding the Allegro bug that has been deemed “Misfortune Cookie”. This is because it allows hackers to attack the router using malicious Web cookies.
In Internet scans conducted by the researcher in the spring, it was found that almost 80% of the routers that originally contained the Misfortune Cookie were still vulnerable. This was 5 months after device makers made public announcements.
The Problem With Router Makers
Security is being put on the back burner by router makers. It is the end user, not them, who pays the price for poor security, therefore, the focus is on cutting the price in order to win contracts, not on the device’s security.
Several router makers have gone on record saying security is a priority for them, with many having plans to improve how they notify users of new software. Currently these notifications are usually dependent on the user noticing an update on the routers website. In addition many manufacturers also stated that routers are fixed according to how new they are, with routers a couple of years old or older rarely getting fixed.
You need a trusted technology partner that specializes in keeping your technology up-to-date with the latest patches. Call (416) 291-7377 or email us at firstname.lastname@example.org to find out more about our managed IT services.
Thanks for helping us upgrade our Macs and get them working exactly as our business needs! Fast, convenient and very knowledgeable! You’re the best!
Alary Technologies has been our IT support team for the past year at the START Clinic for Mood and Anxiety Disorders. They have done a excellent job in upgrading our system, organization, and supporting us in technical computer matters. Compared to other IT companies we have worked with, Alary Technologies comes on top. Ahmed Kufaishi the Managing Director at Alary Technologies is solution focused, knowledgeable and makes an effort to really understand his clients’ needs. It has been a pleasure to work with Ahmed and Alary Technologies. I would recommend their services to other companies and clinics.
“We continue to work with Alary Technologies due to the fact that they are quite educated and knowledge based with current upgrades, and their commitment to their customers.”
Ahmed has been providing our company with expert IT services for close to 3 years. He has guided us through hardware upgrades, server back up procedures and was instrumental in brokering a custom software program that fully automated some key functions in our business. Ahmed has always been thoroughly professional in all his dealings with us and has provided consistent and sound advise for all of our IT requirements. We consider Ahmed and Alary Technologies to be an important partner for our business.
It is refreshing to work with someone who can organize things and describe in plain language. I have a large and growing knowledge base for my work as an architect. I have realized that I can’t do everything, that I do need a team member who can look after this one relatively small by crucial part of my practice.