Leuven (Brussels Morning Newspaper) – KU Leuven researchers, led by Professor Mathy Vanhoef, found a major security flaw in tunnelling protocols, affecting 3.5M IPv4 and 700K IPv6 devices. Vulnerable networks include Telenet, China Mobile, and SoftBank.
KU Leuven researchers have identified a humongous security vulnerability that concerns millions of web-enabled devices all over the world. The devices, which encompass servers, have been discovered by the researchers to be susceptible to online attacks as they do not sufficiently verify the safety of incoming data packets. The researchers tested over 4 million devices and found that over 3.5 million using IPv4 addresses and 700,000 using IPv6 addresses were vulnerable.
How did KU Leuven uncover a security flaw affecting 4.2M devices?
The vulnerabilities discovered by KU Leuven researchers pose a serious threat to internet security. According to officials, attackers can exploit these weaknesses to bypass security measures, send malicious traffic, and gain unauthorized access to networks. These vulnerabilities leave systems open to data interception, denial-of-service attacks, and other cyber threats.
Researchers emphasize the pressing importance of having tighter security practices installed by organizations in the form of appropriate network device configuration, required encryption, and regular security scanning.
“Commonly used protocols are IP in IP and GRE (Generic Routing Encapsulation), but these protocols do not allow encryption or verification of the sender,”
Says Professor Mathy Vanhoef (KU Leuven).
According to officials, the vulnerabilities uncovered by KU Leuven researchers extend across the world, with several countries particularly at risk. China, France, Japan, the United States, and Brazil are among those with a significant number of devices susceptible to attack.
They mentioned that these vulnerabilities have been found in the networks of major telecommunications companies, including China Mobile and SoftBank. The official said that the risks extend beyond corporate networks, with home internet users also vulnerable. Thousands of home routers in France were found to be susceptible to attack.
According to officials, a major security flaw was found in Belgium, putting many Telenet customers at risk. Their internet routers and network devices were not properly configured. Experts alerted internet providers, network administrators, and big companies about the problem.
They mentioned that as a result, security measures have been strengthened worldwide. Even large, well-managed networks can have security gaps. They said we need to be proactive and regularly check for vulnerabilities.
