Associated Press
WASHINGTON — A new security flaw that affects network devices made by hundreds of different companies could threaten the well-being of the Internet, a government-funded research group warned Tuesday.
The problem is most serious for Internet service providers, which use systems called routers to manage the flow of messages across computer networks and the Internet, security experts said. The hole could let malicious hackers shut down or take control of those routers.
"ISPs that don’t act will have a reasonable chance of having their routers go down," said Alan Paller, research director at the Sans Institute in Maryland.
Homeland Security Director Tom Ridge said the government has been aware of the problem "for some time now."
"It’s not a terrorist alert," Ridge said. "It’s just a potential problem within the system."
The CERT Coordination Center, based at Carnegie Mellon University in Pittsburgh and funded in part by the Defense Department, posted details on its Web site Tuesday.
Marty Lindner of CERT said hundreds of companies make products that use the Internet protocol found to be at risk. When update programs aren’t available, Lindner said the CERT Web site will tell users how to reduce the risk of an attack.
"Some companies actually have all their patches ready to go," Lindner said. "Some companies have been diligently working on patches, but they have a lot more work to do."
The CERT Web site listed only about 50 responses from hardware makers. Some of the affected devices are no longer supported, said Chris Rouland of Atlanta-based Internet Security Systems, and other companies have been bought or have gone out of business.
"Some of these corporations are going to find that these devices have no patch available and they’ll have to buy new equipment," Rouland said.
Some home users may also be vulnerable, particularly those with cable or digital subscriber line modems. Those users may face the daunting task of updating their modems with new software.
"These packets will take out cable modems and DSL devices," Rouland said. "End users aren’t going to know what to do."
Lindner said the problem was found recently by researchers at the University of Finland at Oulu, but it has existed for more than a decade, since the Simple Network Management Protocol was written.
The protocol is used to gather information from network systems or configure them remotely. It is used for all types of network functions, from billing customers to checking to see if a printer is jammed. Paller said Internet providers could safely disable the protocol until a patch is available.
Depending on the flavor of the protocol, a hacker could shut down a victim’s device or get full access to it.
Microsoft systems, frequently derided for security problems, may have a leg up on the problem. Microsoft operating systems turn the protocol off by default, Lindner said. "But that doesn’t mean it can’t be enabled by some other product you could install on top of it," he added.
Security groups are usually reluctant to tip off hackers by releasing details of a problem before a fix is available, but the number of affected companies and the seriousness of the vulnerability made this situation different, CERT officials said.
Copyright ©2002 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.