Published: 2007-04-19
Vancouver, CANADA -- Embedded systems, such as phones and mass-market routers, that use the popular ARM and XScale processors have significant flaws, including in many cases a new class of vulnerabilities, a security researcher told attendees at the CanSecWest conference on Thursday.
The vulnerabilities, known as exploitable NULL pointer flaws, are caused by firmware implementations that have a critical table of addresses at the beginning of the code, said Barnaby Jack, a staff security researcher at networking hardware maker Juniper Networks. The class of vulnerabilities is a more serious side of the NULL pointer flaws that typically only result in denial-of-service conditions on computers.
Along with the design issue, numerous other flaws that have been fixed in PC operating systems continue to affect the software of many current embedded devices -- such as routers, cell phones, and other consumer electronics, Jack said.
"The best thing is that you have a bunch of vulnerabilities that are near-dead on the PC," he said. "Stack overflows will greet you on every corner."
In a two-step demonstration, Jack attacked a D-Link router, using a LAN-side vulnerability to gain access to the device and allow remote administration. He then created modified firmware that took advantage of the critical table of addresses, known as the vector table, to completely compromise the router. He demonstrated a program that could append a malicious Trojan horse program to any executable file downloaded by a user on the local network.
"The eventual goal is to take control of the network, not just the device," he said.
Juniper informed the U.S. Computer Emergency Readiness Team (US-CERT), the United States' national cybersecurity response group, two weeks ago, Jack said. The NULL pointer flaws do not affect all embedded processors: The latest versions of the ARM can be configured to put the vector table in high memory, which protects the platform from attack.
Posted by: Robert Lemos
