The problem seems to stem from the overly simplistic web servers that are embedded in these systems. They lack the complex controls and safeguards that a regular web server might have. Because of this they are much more susceptible to intrusion using this method. We were also reminded (although we did mention this) that this exploit is nothing new at all. It has existed for more than two years and is well known. The reason that it is not widely talked about is because there is little to no real value to it. Sure it is great if you are targeting a single person, but for a widespread attack there are simpler ways to get into a large number of people’s systems that by trying to apply this.
This does not mean that it cannot or will not be used in a larger attack, it just means there are more efficient ways of doing so. This does not excuse the manufacturers from allowing this flaw to exist in their products. However, as we have said before: until these flaws are exposed to the public there is almost no chance that they will ever be fixed. Far too many products are released to the public with known issues or that are not tested enough to ensure their security. We can no longer accept hardware and systems with flaws in them because the manufacturer thinks “no one will think of that”.
In the meantime the most common suggestion to prevent unauthorized access from outside your network is to disable remote administration. We would also suggest disabling Universal Plug and Play as an added precaution. For D-Link users you might get a fix for this by the end of October.
Tell us what you think in our Forum