More than half of second-hand network devices hold sensitive data

May 2, 2023 - TuxCare PR Team

A study conducted by ESET reveals that 56% of second-hand corporate network devices still contain sensitive company data.

The security vendor purchased 16 recycled routers and found that nine of them contained IPsec or VPN credentials, hashed root passwords, and other critical information that could be used to identify the previous owner. This information theoretically allows cyber attackers who get hold of the devices to gain network access to the organization that recycled the router.

The routers, which included models by Cisco, Fortinet and Juniper Networks, contained confidential data, network information, and credentials that could easily be used to determine the previous owner. Among the data were hashed root administrator passwords, VPN and secure network communication credentials, and router-to-router authentication keys. Moreover, eight of the routers contained data about connecting to other organizations’ networks, and two contained customer data.

The study further disclosed that some of the routers analyzed contained sensitive data such as customer data, credentials for connecting to other networks as a trusted party, connection details for specific applications, and router-to-router authentication keys. ESET researchers found complete maps of major local and cloud-based application platforms previously used by organizations that owned the routers. These included corporate email, physical building security, and business applications.

ESET researchers were also able to map the network topology, including the location of remote offices and operators, which could be used for subsequent exploitation efforts. This failure to properly decommission the routers exposed many of these companies, their customers, and partners to elevated cyber risk.

The routers analyzed were originally owned by mid-sized and global organizations operating across various sectors, including data center providers, law firms, tech vendors, manufacturers, creative firms, and software developers. Although some of the organizations handled the event as a serious data breach, others failed to reply to ESET’s repeated attempts to notify them.

The sources for this piece include an article in InfoSecurity.
