Analytics platform defends against SSHowDowN OpenSSH vulnerability, Lexumo officials say

CAMBRIDGE, MA. Open-source code and vulnerability monitoring firm Lexumo announced that its cloud-based analytics platform has been protecting users from the 12-year old SSHowDowN OpenSSH vulnerability (CVE-2004-1653), which cyber criminals have been exploiting to launch large-scale attacks from Internet of Things (IoT) devices such as routers, cable modems, satellite equipment, and network-attached storage devices.

Akamai discovered the SSHowDowN vulnerability on Wednesday, reporting that attackers are creating unauthorized SSH tunnels through more than 2 million devices to route malicious traffic while concealing their own identities with the goal of compromising corporate networks. Lexumo’s graph analytics and machine learning technologies identify vulnerabilities in IoT device code, with the platform also providing instructions as to how vulnerabilities can be remediated to avoid exploitation.

"Cyberattackers look for the path of least resistance – and vulnerabilities that have been around for years are a great place to start," said Richard Carback, PhD, co-founder and Chief Architect at Lexumo. "Unlike with zero days, information about public open source vulnerabilities is broadly available via public message boards and email lists. Many IoT devices are particularly vulnerable because they haven't been designed with security in mind, so there's a good chance this type of attacker technique will become significantly more popular in the future."

Lexumo Co-Founder and CTO Brad Gaynor will be presenting on security-related topics at the IoT Security Summit in Boston held from October 17-19, where his company will also be demonstrating its solutions in Booth 202. For more information on Lexumo visit