Check Point Researchers Discover ISP Vulnerabilities that Hackers Could Use to Take Over Millions of Consumer Internet and Wi-Fi Devices

Check Point® Software Technologies Ltd. (Nasdaq: CHKP), the worldwide leader in securing the Internet, today released its findings of security concerns in CPE WAN Management Protocol (CWMP/TR-069) deployments, used by major Internet Service Providers (ISPs) globally to control business and consumer home internet equipment such as Wi-Fi routers, VoIP phones, amongst other devices.

Researchers in Check Point’s Malware and Vulnerability Research Group uncovered a number of critical zero-day vulnerabilities that might have resulted in the compromise of millions of homes and business worldwide, through flaws in several TR-069 server implementations. Once compromised, the malicious exploitation could have led to massive malware infections, illegal mass-surveillance and privacy invasions, and/or service interruptions, including the disabling of an ISP’s Internet service.  Attackers could also steal personal and financial data from huge numbers of businesses and consumers.

Further analysis detected an alarming number of insecure ISPs, vulnerable to remote takeover. Check Point has reported and assisted in fixing all uncovered vulnerabilities.


more here..............http://www.checkpoint.com/press/2014/media-alert-cp-researchers-find-isp-vulnerabilities.html