“Bloodsucking leech” puts 100,000 servers at risk of potent attacks

At least 100,000 Internet-connected servers sold by Dell, HP, and other large manufacturers contain hardware that is vulnerable to potent remote hack attacks that steal passwords and install malware on their host systems, researchers said.

The threat stems from baseboard management controllers that are embedded onto the motherboards of most servers. Widely known as BMCs, the microcontrollers allow administrators to monitor the physical status of large fleets of servers, including their temperatures, disk and memory performance, and fan speeds. But serious design flaws in the underlying intelligent platform management interface, or IPMI, make BMCs highly susceptible to hacks that can cascade throughout a network, according to a paper presented at this week's Usenix Workshop on Offensive Technologies.

Heightening the risk, a recent Internet scan detected at least 100,000 IPMI-enabled servers running on publicly accessible addresses, despite long-standing admonitions from security professionals never to do so.

Read 11 remaining paragraphs | Comments