US research group warns of major internet vulnerability
A US Government-backed research group is issuing a warning about a major internet security flaw.
The CERT Coordination Centre says vulnerabilities in the Simple Network Management Protocol could leave millions of devices open to hackers.
SNMP is the most popular system in use to manage networked devices.
It allows system administrators to remotely monitor and configure different kinds of devices.
CERT says the fact it's so widely used means the vulnerability is present in millions of devices from desktop computers to traffic management systems. The problem is most serious for internet service providers which use systems called routers to manage the flow of messages across their systems.
"ISPs that don't act will have a reasonable chance of having their routers go down," said Alan Paller, research director at another Washington funded IT research group, the Sans Institute in Maryland.
Mr Paller says providers could safely disable SNMP until a patch is available, but may have difficulty billing their customers.
The problem was discovered by researchers in Finland, but it has existed since SNMP was written more than 10 years ago. Security experts are remaining relatively calm about the threat, even though tools that could exploit the vulnerability are already known to be available to hackers.
Russ Cooper of security firm TruSecure said: "I'm worried that it could cause some disruptions. I'm not worried about the end of the internet as we know it."
The CERT Coordination Centre - based at Carnegie Mellon University in Pittsburgh - has published detailed information for system administrators on its website.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
