
Router Vulnerability Highlights IoT Security Risks


Written By
Sue Poremba
May 21, 2015

It was only a matter of time before there was a serious security flaw affecting the Internet of Things (IoT). It comes by way of a vulnerability in NetUSB, which lets devices that are connected over USB to a computer be shared with other machines on a local network. The vulnerability, which could lead to remote code execution or denial of service if exploited, may affect some of the most popular routers in our homes and workplaces.

Details of the vulnerability were released by SEC Consult. According to Forbes, the weakness is somewhat rare, but it works this way:

When a PC or other client connects to NetUSB, it provides a name so it can be recognised as an authorised device. Whilst the authentication process is ‘useless’ as the encryption keys used are easy to extract … it’s also possible for an attacker who has acquired access to the network to force a buffer overflow by providing a name longer than 64 characters.

And when this happens, continuing with the exploit is relatively easy.
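To make the mechanism concrete, here is an added example (not code from NetUSB, SEC Consult or Forbes) of how a service can validate a client-supplied name before copying it into a fixed 64-byte buffer. The wire layout, function name, status codes and the printable-ASCII rule are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 64   /* the 64-character limit quoted above */

enum { NAME_OK = 0, NAME_TRUNCATED_MSG = -1, NAME_TOO_LONG = -2, NAME_BAD_BYTES = -3 };

/* Hypothetical wire layout (an assumption, not NetUSB's documented format):
 *   4-byte little-endian length, followed by that many name bytes.
 * The unsafe pattern is copying `len` bytes into a fixed 64-byte buffer
 * while trusting a length that the client chose. This parser checks the
 * claimed length against both the buffer and the data actually received. */
int parse_client_name(const uint8_t *msg, size_t msg_len, char out[NAME_MAX_LEN + 1])
{
    if (msg_len < 4)
        return NAME_TRUNCATED_MSG;            /* no complete length field */

    uint32_t len = (uint32_t)msg[0] | (uint32_t)msg[1] << 8 |
                   (uint32_t)msg[2] << 16 | (uint32_t)msg[3] << 24;

    if (len > NAME_MAX_LEN)
        return NAME_TOO_LONG;                 /* reject before any copy */
    if (len > msg_len - 4)
        return NAME_TRUNCATED_MSG;            /* claims more than was sent */

    for (uint32_t i = 0; i < len; i++)        /* assumed policy: printable ASCII */
        if (msg[4 + i] < 0x20 || msg[4 + i] > 0x7e)
            return NAME_BAD_BYTES;

    memcpy(out, msg + 4, len);
    out[len] = '\0';                          /* out holds NAME_MAX_LEN + 1 bytes */
    return NAME_OK;
}

int main(void)
{
    /* Constructed sample: a message whose length field claims 65 bytes. */
    uint8_t msg[4 + 65];
    char name[NAME_MAX_LEN + 1];

    memset(msg, 'A', sizeof msg);
    msg[0] = 65; msg[1] = msg[2] = msg[3] = 0;
    printf("65-byte name -> %d\n", parse_client_name(msg, sizeof msg, name));
    return 0;
}
```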

Routers are the backbone of IoT—without them, smart devices don’t have the ability to be smart. In an email conversation with me, Cloudmark Security Research Analyst Andrew Conway called routers the “soft underbelly of the Internet,” adding:

They were never designed to be high security components, and once they are installed, they are typically never updated. Even when vulnerabilities are discovered, a vendor may not patch their firmware, and if they do, the patches are rarely applied. Should a vendor want to notify customers that they need to upgrade their firmware, the company typically has no way of identifying those individuals. Worse still, in many cases an attacker does not even need a vulnerability to gain control of a home router. Individuals and organizations either use the default admin password or create one that is susceptible to dictionary attack.

While this vulnerability isn’t as bad as others we’ve seen recently, it does underscore the fact that our IoT devices are at risk. It is only a matter of time before a serious attack involving routers occurs—especially if manufacturers continue to ignore security as part of the router’s hardware and software design. For now, Conway has provided a few tips to keep your router secure:

  • Update to the latest firmware.
  • Select a strong administrative password and never use the default password provided.
  • Make sure that administrative functions are visible only on an organization’s internal network.
  • Networks of compromised home routers are used by Lizard Squad and others to launch massive DDoS attacks, so small and midsize businesses (SMBs) should use a DDoS prevention service to help detect and prevent attacks. Entry-level protection can be low cost or even free.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba.


Sue Poremba is a freelance writer based in Central PA. She's been writing about cybersecurity and technology trends since 2008.
