Welcome!

News Feed Item

Media Alert: Check Point Researchers Discover ISP Vulnerabilities That Hackers Could Use to Take Over Millions of Consumer Internet and Wi-Fi Devices

SAN CARLOS, CA -- (Marketwired) -- 08/08/14 -- Check Point® Software Technologies Ltd. (NASDAQ: CHKP), the worldwide leader in securing the Internet, today released its findings of security concerns in CPE WAN Management Protocol (CWMP/TR-069) deployments, used by major Internet Service Providers (ISPs) globally to control business and consumer home internet equipment such as Wi-Fi routers, VoIP phones, amongst other devices.

Researchers in Check Point's Malware and Vulnerability Research Group uncovered a number of critical zero-day vulnerabilities that might have resulted in the compromise of millions of homes and business worldwide, through flaws in several TR-069 server implementations. Once compromised, the malicious exploitation could have led to massive malware infections, illegal mass-surveillance and privacy invasions, and/or service interruptions, including the disabling of an ISP's Internet service. Attackers could also steal personal and financial data from huge numbers of businesses and consumers.

Further analysis detected an alarming number of insecure ISPs, vulnerable to remote takeover. Check Point has reported and assisted in fixing all uncovered vulnerabilities.

Key Findings:

  • If undiscovered, an attacker could have taken control of millions of Internet devices across the world, resulting in the ability to steal personal and financial data from businesses and consumers.
  • Many TR-069 deployments include severe security weaknesses. Check Point encourages ISPs and other providers utilizing this protocol to evaluate their security posture immediately.
  • Customers with the Check Point Intrusion Prevention System (IPS) Software Blade have automatically received protections against uncovered vulnerabilities.

Check Point will present its TR-069 research findings at DEF CON® 22 on Saturday, August 9, 2014 at 11:00AM PT in The Rio Hotel & Casino, Las Vegas. The session entitled, "I Hunt TR-069 Admins: Pwning ISPs Like a Boss" will be led by Shahar Tal, Vulnerability Research Team Leader at Check Point. More details on the session can be found here: https://www.defcon.org/html/defcon-22/dc-22-speakers.html#Tal.

"Check Point's mission is to keep one step ahead of malicious attackers. The security flaws uncovered in TR-069 implementations could have resulted in catastrophic attacks against Internet Service Providers and their customers across the world. Our Malware and Vulnerability Research Group continues to focus on uncovering security flaws and developing the necessary real-time protections to secure the Internet," said Shahar Tal, Vulnerability Research Team Leader at Check Point Software Technologies.

Check Point's Malware and Vulnerability Research Group regularly performs assessments of common software to ensure the security of Internet users worldwide. For more information on other research findings from Check Point, visit: http://www.checkpoint.com/threatcloud-central/.

Follow Check Point via

Twitter: www.twitter.com/checkpointsw
Facebook: https://www.facebook.com/checkpointsoftware
YouTube: http://www.youtube.com/user/CPGlobal

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. (www.checkpoint.com), the worldwide leader in securing the Internet, provides customers with uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology. Today, Check Point continues to develop new innovations based on the Software Blade Architecture, providing customers with flexible and simple solutions that can be fully customized to meet the exact security needs of any organization. Check Point is the only vendor to go beyond technology and define security as a business process. Check Point 3D Security uniquely combines policy, people and enforcement for greater protection of information assets and helps organizations implement a blueprint for security that aligns with business needs. Customers include tens of thousands of organizations of all sizes, including all Fortune and Global 100 companies. Check Point's award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft.

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lea...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
Get deep visibility into the performance of your databases and expert advice for performance optimization and tuning. You can't get application performance without database performance. Give everyone on the team a comprehensive view of how every aspect of the system affects performance across SQL database operations, host server and OS, virtualization resources and storage I/O. Quickly find bottlenecks and troubleshoot complex problems.
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Application transformation and DevOps practices are two sides of the same coin. Enterprises that want to capture value faster, need to deliver value faster – time value of money principle. To do that enterprises need to build cloud-native apps as microservices by empowering teams to build, ship, and run in production. In his session at @DevOpsSummit at 19th Cloud Expo, Neil Gehani, senior product manager at HPE, discussed what every business should plan for how to structure their teams to delive...
"We analyze the video streaming experience. We are gathering the user behavior in real time from the user devices and we analyze how users experience the video streaming," explained Eric Kim, Founder and CEO at Streamlyzer, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
SYS-CON Events announced today that Fusion, a leading provider of cloud services, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Fusion, a leading provider of integrated cloud solutions to small, medium and large businesses, is the industry’s single source for the cloud. Fusion’s advanced, proprietary cloud service platform enables the integration of leading edge solutions in the cloud, including clou...
"MathFreeOn.com is a line coding platform for engineers and scientists. When they want to solve an engineering problem and they have to use software - they have to pay a lot of money for licenses - but with MathFreeOn you don't have to pay a lot of money. Just go to our site and write the code and you can check the result right away," explained Simon Lee, CMO of MathFreeOn, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Cla...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and sh...
SYS-CON Events announced today that Dataloop.IO, an innovator in cloud IT-monitoring whose products help organizations save time and money, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Dataloop.IO is an emerging software company on the cutting edge of major IT-infrastructure trends including cloud computing and microservices. The company, founded in the UK but now based in San Fran...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
"This is specifically designed to accommodate some of the needs for high availability and failover in a network managed system for the major Korean corporations," stated Thomas Masters, Managing Director at InfranicsUSA, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
@DevOpsSummit at Cloud taking place June 6-8, 2017, at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long developm...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.