Communications of the ACM
Used Routers Often Loaded with Corporate Secrets
The big danger is that the wealth of information on used devices would be valuable to cybercriminals and state-backed hackers.
Credit: aquatarkus/Getty Images
Scientists from Slovak security firm ESET will present research at this week's RSA security conference indicating more than half of used routers its researchers purchased for testing were loaded with sensitive corporate information.
The researchers bought 18 secondhand routers manufactured by Cisco, Fortinet, and Juniper Networks; nine were fully intact and accessible, but just five had been properly wiped of data.
All nine intact routers carried credentials for the organization's virtual private network, credentials for another secure network communication service, or hashed root administrator passwords.
This and other information on the devices could be exploited by cybercriminals, as well as state-supported hackers.
The ESET team warned contracting with third-party companies to wipe enterprise devices for resale offers no assurance such firms actually do so.
From Ars Technica
View Full Article
Abstracts Copyright © 2023 SmithBucklin, Washington, D.C., USA
No entries found