Strong passwords are a powerful deterrent against hackers, but sometimes they are not enough to keep the bad guys away from your files. Attackers can exploit directory traversal, a programming flaw that can be present in various connected devices, to bypass other security measures and reach private data stored on those devices.
Also called “backtracking” or “path traversal,” this weakness lets hackers jump from folder to folder in search of content they could use. It’s like someone having access to a room service elevator and using it to hop into any room on any floor to grab the valuables inside; only instead of the silverware and the big screen, cybercriminals loot important documents, usernames and passwords, or anything of value on the affected device.
Gadgets that may have a directory traversal vulnerability are more attractive to compromise because the data they hold can be leveraged to get your money or to advance deeper into the home network. Connected products intended for file storage (e.g. network attached storage – NAS), internet connection (e.g. routers, modems) and video surveillance (e.g. digital video recorder – DVR, network video recorder – NVR, IP cameras) are among the most targeted.
Hackers can use photos, videos and documents for blackmail or for public shaming and exposure. Other IoT products store a different kind of data, also sensitive in nature: logins for online accounts, codes for transactions, credentials for the internet connection, a Wi-Fi password or the router configuration file. With access to the router, an attacker could easily set it up to redirect browsing from any device on the network to malware-hosting websites or fake pages that impersonate online services.
Responsibility for mitigating directory traversal risks falls first on the vendor, who has to roll out new firmware that prevents skipping through folders without authentication. Users, for their part, must check regularly for product updates and install them when the device has no automatic update system.
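The sketch below is an added example, not code from the original article or from any vendor's firmware. It contrasts a file-serving routine that trusts the requested path with one that confines every request to the shared folder; the folder layout, file names and function names are constructed for illustration.

```python
import os
import tempfile

def inside(root, path):
    """True if path, after resolving '..' and symlinks, is root or lies under it."""
    root, path = os.path.realpath(root), os.path.realpath(path)
    return os.path.commonpath([root, path]) == root

def resolve_naive(share_root, requested):
    # Flawed: trusts whatever path the client sent.
    return os.path.join(share_root, requested)

def resolve_safe(share_root, requested):
    # Hardened: build the candidate, then refuse it unless it stays in the share.
    candidate = os.path.join(share_root, requested)
    if not inside(share_root, candidate):
        raise PermissionError("request leaves the shared folder")
    return os.path.realpath(candidate)

def demo():
    # Constructed layout: a public share beside a private config folder.
    base = os.path.realpath(tempfile.mkdtemp())
    share, private = os.path.join(base, "share"), os.path.join(base, "config")
    os.makedirs(os.path.join(share, "photos"))
    os.makedirs(private)
    open(os.path.join(share, "photos", "cat.jpg"), "w").close()
    secret = os.path.join(private, "router.conf")
    open(secret, "w").close()
    os.symlink(private, os.path.join(share, "shortcut"))  # link pointing out of the share

    requests = ["photos/cat.jpg", "../config/router.conf",
                "shortcut/router.conf", secret]  # last one is an absolute path
    results = {}
    for req in requests:
        naive_leaks = not inside(share, resolve_naive(share, req))
        try:
            resolve_safe(share, req)
            safe_allows = True
        except PermissionError:
            safe_allows = False
        results[req if req != secret else "<absolute path>"] = (naive_leaks, safe_allows)
    return results

if __name__ == "__main__":
    for req, (leaks, allowed) in demo().items():
        print(f"{req:25} naive leaves share: {leaks!s:5}  hardened allows: {allowed}")
```

The hardened version checks the fully resolved path rather than the text of the request, which is why it also refuses the symbolic link and the absolute path, not only the `..` sequence.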
Bitdefender Home Scanner helps you determine if the devices connected to your home network have known vulnerabilities that have not been patched. The tool does not mitigate the risks; it just points them out. Bitdefender BOX, however, is a security appliance specifically designed to monitor network connections and stop traffic to and from malicious web addresses.