Media Alert: Check Point Researchers Discover ISP Vulnerabilities that Hackers Could Use to Take Over Millions of Consumer Internet and Wi-Fi Devices

Views tracker viewed for user 4420
Check Point Software Technologies's picture
Printer-friendly versionPrinter-friendly version

San Carlos, CA — Fri, 08 Aug 2014

Check Point® Software Technologies Ltd. (Nasdaq: CHKP), the worldwide leader in securing the Internet, today released its findings of security concerns in CPE WAN Management Protocol (CWMP/TR-069) deployments, used by major Internet Service Providers (ISPs) globally to control business and consumer home internet equipment such as Wi-Fi routers, VoIP phones, amongst other devices.

Researchers in Check Point’s Malware and Vulnerability Research Group uncovered a number of critical zero-day vulnerabilities that might have resulted in the compromise of millions of homes and business worldwide, through flaws in several TR-069 server implementations. Once compromised, the malicious exploitation could have led to massive malware infections, illegal mass-surveillance and privacy invasions, and/or service interruptions, including the disabling of an ISP’s Internet service.  Attackers could also steal personal and financial data from huge numbers of businesses and consumers.

Further analysis detected an alarming number of insecure ISPs, vulnerable to remote takeover. Check Point has reported and assisted in fixing all uncovered vulnerabilities.  

Key Findings:

  • If undiscovered, an attacker could have taken control of millions of Internet devices across the world, resulting in the ability to steal personal and financial data from businesses and consumers.
  • Many TR-069 deployments include severe security weaknesses. Check Point encourages ISPs and other providers utilizing this protocol to evaluate their security posture immediately.
  • Customers with the Check Point Intrusion Prevention System (IPS) Software Blade have automatically received protections against uncovered vulnerabilities.

Check Point will present its TR-069 research findings at DEF CON® 22 on Saturday, August 9, 2014 at 11:00AM PT in The Rio Hotel & Casino, Las Vegas. The session entitled, “I Hunt TR-069 Admins: Pwning ISPs Like a Boss” will be led by Shahar Tal, Vulnerability Research Team Leader at Check Point. More details on the session can be found here: https://www.defcon.org/html/defcon-22/dc-22-speakers.html#Tal.

“Check Point’s mission is to keep one step ahead of malicious attackers. The security flaws uncovered in TR-069 implementations could have resulted in catastrophic attacks against Internet Service Providers and their customers across the world. Our Malware and Vulnerability Research Group continues to focus on uncovering security flaws and developing the necessary real-time protections to secure the Internet,” said Shahar Tal, Vulnerability Research Team Leader at Check Point Software Technologies.

Check Point’s Malware and Vulnerability Research Group regularly performs assessments of common software to ensure the security of Internet users worldwide. For more information on other research findings from Check Point, visit: http://www.checkpoint.com/threatcloud-central/.

Follow Check Point via


About Check Point Software Technologies Ltd.


Check Point Software Technologies Ltd. (www.checkpoint.com), the worldwide leader in securing the Internet, provides customers with uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology. Today, Check Point continues to develop new innovations based on the Software Blade Architecture, providing customers with flexible and simple solutions that can be fully customized to meet the exact security needs of any organization. Check Point is the only vendor to go beyond technology and define security as a business process. Check Point 3D Security uniquely combines policy, people and enforcement for greater protection of information assets and helps organizations implement a blueprint for security that aligns with business needs. Customers include tens of thousands of organizations of all sizes, including all Fortune and Global 100 companies. Check Point's award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft.

News Source : Media Alert: Check Point Researchers Discover ISP Vulnerabilities that Hackers Could Use to Take Over Millions of Consumer Internet and Wi-Fi Devices
Copy this html code to your website/blog to embed this press release.

Check Point Software Technologies Press Release

Post date
08/08/2014 - 10:17 Media Alert: Check Point Researchers Discover ISP Vulnerabilities that Hackers Could Use to Take Over Millions of Consumer Internet and Wi-Fi Devices
08/07/2014 - 10:17 Media Alert: Check Point Presents Research Findings at Black Hat USA 2014 and DEF CON® 22
07/24/2014 - 10:55 Check Point Expands its Data Center Security Leadership with New 13800 and 21800 Gateways
06/18/2014 - 02:38 Increasingly Sophisticated Malware and Lack of Threat Intelligence are Key Factors in Growing Number of Successful Attacks: Check Point Survey
05/28/2014 - 12:12 Check Point Software Technologies Ltd. Shareholders Approve All 2014 Annual General Meeting Proposals
05/27/2014 - 11:17 Check Point Appoints Marie Hattar as Chief Marketing Officer
09/02/2013 - 00:53 Check Point R77 Delivers ThreatCloud Emulation Service to Tackle Zero-Day Attacks
08/07/2013 - 13:57 Internet Society Board of Trustees Elects New Chair
08/07/2013 - 06:11 Check Point Positioned as Leader in the 2013 Gartner Magic Quadrant for Unified Threat Management
07/17/2013 - 13:05 New Check Point 13500 Appliance Combines Multi-Layer Data Center Security with Market-Leading Performance
06/30/2013 - 08:02 Check Point Software Reports 2013 Second Quarter Financial Results
06/25/2013 - 12:33 Check Point Software Technologies Ltd. Shareholders Approve All 2013 Annual General Meeting Proposals
06/05/2013 - 05:33 Check Point Survey Reveals 79 Percent of Businesses Experienced a Mobile Security Incident in the Past Year
05/29/2013 - 08:33 Check Point's Industry-Leading Security Solutions Obtain U.S. Government and Internationally Recognized Certifications
05/14/2013 - 17:35 Media Alert: New Attacks Detected by Recently Introduced Check Point Threat Emulation Software Blade
04/09/2013 - 04:36 Check Point 1100 Appliances Deliver Enterprise-Class Security for Branch Offices
02/25/2013 - 10:32 Check Point Positioned as a Leader for the 16th Consecutive Year in the 2013 Gartner Magic Quadrant for Enterprise Network Firew
02/25/2013 - 08:32 Check Point Next Generation Firewall Achieves Highest Score in Security Effectiveness and Management in Latest NSS Labs Test
07/15/2010 - 09:58 Check Point Abra Named "I.T. Product of 2010" by Computerworld Magazine
10/24/2009 - 04:24 Check Point Adds Windows 7 OS Support to Endpoint Security
Copy and paste this code to display this page on your website .
Syndicate content