Your router could be leaking a whole lot of personal data without you knowing

If you’re not careful when decommissioning your old business routers, you could be risking serious sensitive data leaks, new research has warned. 

A report from ESET found small and medium-sized organizations, as well as enterprises, often dispose of their old hardware inappropriately. As a result, they leak customer data, credentials, and various other authentication keys.

The company analyzed 16 distinct network devices that were disposed of and sold on the second-hand market and found nine devices - 56% - were still holding sensitive company data. 

Passwords on a platter

Of the nine devices that had complete configuration data available, a quarter (22%) contained customer data, a third (33%) exposed data allowing third-party connections to the network, almost half (44%) had credentials for connecting to other networks as a trusted party, almost all (89%) itemized connection details for specific applications and contained router-to-router authentication keys. 

Furthermore, all of the devices (100%) contained one or more of IPsec or VPN credentials, or hashed root passwords, and had sufficient data to reliably identify the former owner/operator.

ESET also found that some companies didn’t really care about leaking sensitive data this way. After “repeated attempts to connect” and notify the firms of the potential problem, some companies were “shockingly unresponsive”. Others, however, “showed proficiency” and handled the problem as a “full-blown security breach”.

These findings should serve as a “wake-up call” for organizations to tighten up on their data protection practices, ESET says.

“We would expect medium-sized to enterprise companies to have a strict set of security initiatives to decommission devices, but we found the opposite," noted Cameron Camp, the ESET security researcher who led the project.

"Organizations need to be much more aware of what remains on the devices they put out to pasture, since a majority of the devices we obtained from the secondary market contained a digital blueprint of the company involved, including, but not limited to, core networking information, application data, corporate credentials, and information about partners, vendors, and customers.”



from TechRadar - All the latest technology news https://ift.tt/4tJCXuI
Share:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us