New attack puts routers, cell phones, other gear at risk

A security researcher at Juniper Networks Inc. has developed a new form of attack that can be used to run unauthorized software on a wide range of computing devices, including routers and mobile phones.

In a demonstration set to take place at the CanSecWest security conference in Vancouver Thursday, Juniper's Barnaby Jack says he will show how this technique could be used to take control of a router, and then inject malicious software on virtually every machine on the network.

Jack says he has discovered a way to turn a common type of computing error -- called a null pointer dereferencing error -- into something far more dangerous than previously thought. Researchers have known for years how to create these flaws, which occur when the computer tells a program that the part of memory that it's looking for is invalid, or "null."

Until now null pointer errors, though not uncommon, had not been considered particularly devastating. They typically cause the affected computer to crash, but cause no more serious damage.