SOURCE: Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd.

December 18, 2014 09:30 ET

Media Alert: Check Point Researchers Discover Significant Vulnerability That Could Be Used to Take Control of Millions of Consumer and Business Internet Routers

SAN CARLOS, CA--(Marketwired - Dec 18, 2014) - Check Point® Software Technologies Ltd. (NASDAQ: CHKP), the worldwide leader in securing the Internet, today released its findings of Misfortune Cookie, a critical vulnerability that allows an intruder to remotely take over a residential gateway device and use it to attack the devices connected to it.

Researchers in Check Point's Malware and Vulnerability Research Group uncovered a vulnerability present on millions of residential gateway (SOHO router) devices from different models and makers. It has been assigned the CVE-2014-9222 identifier. This severe vulnerability allows an attacker to remotely take over a gateway device with administrative privileges.

To date, researchers have distinctly detected at least 12 million readily exploitable devices connected to the Internet across the globe, making this one of the most widespread vulnerabilities revealed in recent years.

Key Findings:

  • If undiscovered, an attacker could take control of millions of routers around the world, and use that access to control and steal data from the wired and wireless devices connected to the network.
  • The affected software is the embedded web server RomPager from AllegroSoft, which is typically embedded in the firmware released with devices.
  • No devices from Check Point have been compromised by this vulnerability.

"Misfortune Cookie is a serious vulnerability present in millions of homes and small businesses around the world, and if left undetected and unguarded, could allow hackers to not only steal personal data, but control peoples' homes," said Shahar Tal, Malware and Vulnerability Research Manager at Check Point Software Technologies. "At Check Point, we are dedicated to protecting the internet and its users by staying ahead of attackers. Our Malware and Vulnerability Research Group remains focused on uncovering security flaws and developing the necessary real-time protections to secure the Internet."

For more information about Misfortune Cookie, affected devices, and how consumers and businesses can protect themselves from this vulnerability, please visit mis.fortunecook.ie.

Check Point's Malware and Vulnerability Research Group regularly performs assessments of common software to ensure the security of Internet users worldwide. For more information on other research findings from Check Point, visit: http://www.checkpoint.com/threatcloud-central/.

Follow Check Point via

Twitter: www.twitter.com/checkpointsw
Facebook: https://www.facebook.com/checkpointsoftware
YouTube: http://www.youtube.com/user/CPGlobal

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. (www.checkpoint.com), the worldwide leader in securing the Internet, provides customers with uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology. Today, Check Point continues to develop new innovations based on the Software Blade Architecture, providing customers with flexible and simple solutions that can be fully customized to meet the exact security needs of any organization. Check Point is the only vendor to go beyond technology and define security as a business process. Check Point 3D Security uniquely combines policy, people and enforcement for greater protection of information assets and helps organizations implement a blueprint for security that aligns with business needs. Customers include tens of thousands of organizations of all sizes, including all Fortune and Global 100 companies. Check Point's award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft.