By Dan Goodin in San Francisco
16th July 2009
Forget mis-configured Apache servers and vulnerability-laden Adobe
applications. The biggest security threats to business and home networks
may be the avalanche of webcams, printers, and other devices that ship
with embedded web interfaces that can easily be turned against their
The web interfaces are designed to make it easy to manage the devices by
allowing people to use a readily familiar medium to change settings such
as file names and IP addresses. But there's a catch: The low-cost
gadgets were never designed to withstand attacks, even though they
interact with some of the most sensitive parts of a computer network,
says a team of researchers at Stanford University that tested 21 devices
made by 16 different manufacturers.
"We didn't find a single secure device," said Hristo Bojinov, a PhD
candidate at Stanford's Computer Security Lab, who plans to present the
findings later this month at the Black Hat security conference in Las
Vegas. "It tells us that it's a long tail that's completely overlooked
The device that posed the highest number of threats was NAS, or
network-attached storage, units, which were susceptible to all five
attack classes considered in the study.
Attend Black Hat USA, July 25-30 in Las Vegas,
the world's premier technical event for ICT security experts.
Network with 4,000+ delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com