
Misfortune Cookie (software vulnerability)

Software vulnerability

Misfortune Cookie is a software vulnerability found in the firmware of certain network routers that an attacker can leverage to gain remote access. The vulnerability has been found to affect around 12 million unique devices spread across 189 countries, earning a 9.8 CVSS rating. Any device connected to an exposed network could be hijacked by an attacker, who could easily monitor a person's Internet connection or steal their credentials as well as personal or business data. The attacker could also attempt to infect the target machines with malware. Also known as CVE-2014-9222, the bug was first discovered in 2014 by Check Point researchers. It resurfaced in 2018, four years after its public disclosure, this time affecting a completely different set of targets: medical devices. When the vulnerability was exploited against medical devices, the DTS configurations could be tampered with, communication could be spoofed, and information could be stolen from an unsuspecting person.

Exploitation

The combination of its severity, its ease of exploitation, the lack of practically any preconditions and the sheer volume of affected networks makes Misfortune Cookie arguably unique. The vulnerability was so easy to exploit that all an attacker had to do to gain control of a device was to send a single packet to the device's public IP address. The exploitation could be carried out with just a modern-day web browser, making it even more dangerous than most security vulnerabilities. In this scenario the attacker sends a crafted HTTP cookie attribute to the web-management portal of the vulnerable system (the network router), where the attacker's content overwrites the device memory. The contents of the cookie then act as commands that the router carries out. This results in arbitrary code execution.

This vulnerability was discovered in the early 2000s but did not emerge publicly until 2014, when security researchers from the Israeli security firm Check Point made a public disclosure. The vulnerability still persists in over 1 million devices accessible over the Internet and a total of about 12 million devices. This includes around 200 different router brands. In 2018, the vulnerability again gained traction as the vulnerable firmware was used in medical equipment that could potentially cause life-threatening attacks via IoT. Its severity was highlighted by ICS-CERT in its advisory, thereby.
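The defensive counterpart to the cookie handling described above, as an added example that is not taken from the article or from any affected firmware: a cookie parser that stores request data in fixed-size memory and rejects anything that would not fit, rather than letting it spill into adjacent memory. The structure names, function name and size limits are hypothetical and chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed limits for this example; real firmware would pick its own. */
#define MAX_COOKIES 4
#define MAX_NAME    16
#define MAX_VALUE   40

struct cookie     { char name[MAX_NAME]; char value[MAX_VALUE]; };
struct cookie_jar { struct cookie slot[MAX_COOKIES]; size_t count; };

/* Parse a "name=value; name=value" Cookie header into a fixed-size jar.
 * Returns the number of cookies stored, or -1 (jar emptied) if any part
 * of the header would not fit or is malformed. Every write below is
 * preceded by a bounds check; skipping those checks is what allows
 * request data to overwrite memory outside the tables. */
int parse_cookie_header(const char *hdr, struct cookie_jar *jar)
{
    jar->count = 0;
    while (*hdr) {
        while (*hdr == ' ' || *hdr == ';') hdr++;      /* skip separators */
        if (!*hdr) break;

        const char *eq  = strchr(hdr, '=');
        const char *end = strchr(hdr, ';');
        if (!end) end = hdr + strlen(hdr);
        if (!eq || eq > end) goto reject;              /* pair has no '=' */

        size_t nlen = (size_t)(eq - hdr);
        size_t vlen = (size_t)(end - eq - 1);

        if (jar->count >= MAX_COOKIES) goto reject;    /* no free slot */
        if (nlen == 0 || nlen >= MAX_NAME) goto reject; /* name too long */
        if (vlen >= MAX_VALUE) goto reject;            /* value too long */

        struct cookie *c = &jar->slot[jar->count++];
        memcpy(c->name, hdr, nlen);     c->name[nlen]  = '\0';
        memcpy(c->value, eq + 1, vlen); c->value[vlen] = '\0';
        hdr = end;
    }
    return (int)jar->count;

reject:
    jar->count = 0;    /* never leave a half-filled jar for the caller */
    return -1;
}
```

A request handler built on this would answer a rejected header with an error response instead of continuing to process the request.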
