Why it matters to you
As careful as you might be to keep your internet connected devices updated, access to some — like your router and modem — are completely out of your control.
As we connect more and more devices to the internet, we create more and more potential security vulnerabilities. While we’re usually aware of the gadgets we use every day — our PCs, smartphones, and tablets — we might now always think about just how secure are all of our other connected devices like networked cameras, cable boxes, and internet modems.
Sometimes, our own devices can be compromised by systems outside of our control, such as internet service providers and other companies who can access our devices remotely. Cisco Prime Home is a system that such companies use to remotely manage things like set-top boxes, modems, and routers, and that system has recently suffered a security vulnerability, Bitdefender’s blog reports.
More: On edge after the DDoS attack? Here’s how to prevent your smart home from being hacked
Basically, the vulnerability is in Cisco Prime Home’s web graphical user interface (GUI) and it could allow a remote, unauthorized attacker to access devices managed by the service with administrator privileges. By sending a series of commands via an unsecured HTTP connection to a specific network address, the attacker can gain the same access to managed devices as an administrator.
Having administrator access to anything is a very big deal and this particular vulnerability is a serious one. Someone who exploits the vulnerability could gain access and control over any device managed by Cisco Prime Home. That means that no matter how carefully you secure your devices yourself, there is another possible avenue of attack that is completely outside of your control and knowledge.
Cisco issued a fix for the service, meaning that the companies who use it to manage your devices should have already updated and resolved the vulnerability. You may not even be aware of which of your service providers are using Cisco Prime Home and so there is really not a lot you can do except hope that those companies are keeping up their end of the security bargain.