It almost seems like vulnerabilities in hardware and software is all that's hitting the news in the past few days. We've reported on multiple issues ranging from the "Grinch" Linux flaw to the vulnerability in SS7's mobile network towers rendering our text messages and phone calls open for all prying eyes.
In recent news, a vulnerability in router software has opened up millions of devices to hacking. This is apparently achieved by the hacker "sending a specially crafted request to RomPager, an embedded Web server running on them" as according to PC World.
Once access has been gained, the hacker then has full control over any in-home security, systems or devices connected to the network - meaning they can steal your data, alter your information or utilize your technology to launch attacks against other systems. It gives them the ability to strip SSL from secure connections and also hijack your DNS settings, listing dodgy websites as 'safe' for your personal computers - opening you up to more malicious attacks.
This information was discovered by Check Point Software Technologies (CPST), being described as an issue located within RomPager. RomPager is used by many routers to host Web-based administration interfaces and listed as one of the most commonly seen globally.
In their report, CPST claims that "attackers can send specially crafted HTTP cookies that exploit the vulnerability to corrupt memory and alter the application and system state. This, in effect, can trick the attacked device to treat the current session with administrative privileges -- to the misfortune of the device owner."