Cisco has revealed that its Prime Home remote management and provisioning solution contains a flaw that could expose users’ home routers and broadband gateways to hijacking. The US networking giant has urged all ISPs and vendors using its system to install a security update straight away.
Prime Home gives ISPs and connected device vendors remote control over devices such as cable modems, routers and set top boxes in subscribers’ homes. A successful attack would give a hacker the ability to bypass authentication and execute actions with administrator privileges on all these devices.
Though seemingly not a huge risk in this case, with most IoT hacks it’s not so much what a hacker could do directly with the breached device, but what valuable additional information they can glean for further criminal use. In other words, a hacker is unlikely to reprogramme your TV recording schedule (phew!), but they may well get your email and passwords in order to hack into your bank account (darn).
This alert comes at a time when the security of network appliances and IOT devices is very much under the spotlight, and industry regulation still a ways off.