«The battle for information security, as we know, is endless and it is unlikely that it will ever lead to an absolute victory. A recent report from the Independent Security Evaluators (ISE) organization puts the spotlight on network equipment intended for consumers or small businesses - specifically, 13 NAS and routers manufactured by ASUS, Buffalo, Drobo, Lenovo, Netgear, QNAP, Seagate, Synology, TerraMaster, Xiaomi, Zioncom and Zyxel.
The results of the study are not very encouraging. Overall, 125 different vulnerabilities were found (naturally distributed among the various devices). The vulnerabilities allowed researchers to obtain root access on 12 products, on 6 of them without the need for authentication; and in all 13 at least one web app flaw was found that makes it possible to remotely access the shell or the management page.
ISE chose the devices to be tested based (also) on how widespread they are; all were analyzed with the latest publicly available stable firmware. The company has reported all vulnerabilities to their respective manufacturers - most said they will fix the bugs as soon as possible. However, Buffalo, Drobo and Zioncom made no statements. Below is the detailed list of tested devices:
ASUS RT-AC3200
Asustor AS-602T
Buffalo TeraStation TS5600D1206
Drobo 5N2
Lenovo ix4-300d
Netgear Nighthawk R9000
QNAP TS-870
Seagate STCR3000101
Synology DS218j
TerraMaster F2-420
Xiaomi Mi Router 3 (on the market since 2016)
Zioncom TOTOLINK A3002RU
Zyxel NSA325 v2
As we said at the beginning of the article, it is impossible to expect a device to be completely inviolable, but the researchers at ISE note that the products tested include rather trivial vulnerabilities "that would be considered unacceptable in modern web applications outside of IT environments". The researchers advise manufacturers of IoT devices to "start training their developers on good security practices, and use dedicated teams, external or internal, to test the software running on the products." Some serious flaws have been observed for some time.»
Source http://bit.ly/2kMJt77