The Connect Box as a Router at around 500’000 Swiss customers of UPC in use, had a serious security vulnerability. A vulnerability in the Web Interface, a Hacker from the same local network to be able to execute almost arbitrary commands on the device. With activated remote maintenance function such attacks even from the Internet were executable.
This would make it possible for all the Internet to spy on the movements. Or to use the Router as part of a botnet. With such Bots, about is sending out Spam or attacks against Websites to run without the Knowledge and consent of the device owner.
the vulnerability is a computer science point student with the Pseudonym of Xitan, which deals with Internet security has Discovered. The magazine Heise.de reported then about it, because in Germany, about two million such Connect boxes are in use, in the case of a subsidiary of Liberty Global, which also owns UPC in Switzerland. In Germany was completed in the last few days an Update.
customers will be informed of UPC
At the request of a VIEW, UPC confirmed that the Problem also occurred on the Swiss boxes. Around half a Million are currently in use. But media spokesperson Stephanie Aline Niggli also stressed: “The Update that closes the security gaps, was carried out in Switzerland a few weeks ago when all Connect boxes.” The UPC customers have to do nothing, the new Firmware was automatically installed.
But why is the User not informed? “Such Updates, each include in addition to security updates, new Features, and bug fixes and therefore normally without proactive communication to our customers,” writes Niggli. And assured that there is as yet no evidence that it has given due to the vulnerability of attacks to UPC customers.