Newfound Router Flaw Lets Hackers Control Home Internet Connections
"F-Secure researchers have uncovered a critical vulnerability in some models of Inteno home routers that, if exploited, is severe enough to allow an attacker complete control over the victim device and the Internet traffic traveling through it. The finding highlights the security challenges plaguing consumer routers.
The vulnerability allows an attacker to install their own firmware to the device, which would still work as before, but with back doors and other unwanted features. An attacker exploiting the flaw would be able to listen in on unencrypted traffic going through the router, not just device-to-internet, but device-to-device inside the home; as well as manipulate the victim's browsing sessions by redirecting to malicious sites.
Researchers say this case is just the tip of the iceberg when it comes to router security issues. And while the need for computer security is well understood, consumers are often unaware that a router is just as vulnerable.
The flaw, while severe, is not immediately exploitable. An attacker would need to have already achieved a privileged network position between the router and the point of entry of the internet. Affected devices are Inteno EG500, FG101, DG201, and possibly others."
Inteno - http://www.intenogroup.com/Products.aspx
"F-Secure researchers have uncovered a critical vulnerability in some models of Inteno home routers that, if exploited, is severe enough to allow an attacker complete control over the victim device and the Internet traffic traveling through it. The finding highlights the security challenges plaguing consumer routers.
The vulnerability allows an attacker to install their own firmware to the device, which would still work as before, but with back doors and other unwanted features. An attacker exploiting the flaw would be able to listen in on unencrypted traffic going through the router, not just device-to-internet, but device-to-device inside the home; as well as manipulate the victim's browsing sessions by redirecting to malicious sites.
Researchers say this case is just the tip of the iceberg when it comes to router security issues. And while the need for computer security is well understood, consumers are often unaware that a router is just as vulnerable.
"It's ridiculous how insecure the devices we're sold are. We and other security companies are finding vulnerabilities in these devices all the time. The firmware used in routers and Internet of Things devices is neglected by manufacturers and their customers – by everyone except hackers, who use the vulnerabilities to hijack Internet traffic, steal information, and spread malware."
- Janne Kauhanen, Helsinki, Finland – September 2, 2016
- Janne Kauhanen, Helsinki, Finland – September 2, 2016
The flaw, while severe, is not immediately exploitable. An attacker would need to have already achieved a privileged network position between the router and the point of entry of the internet. Affected devices are Inteno EG500, FG101, DG201, and possibly others."
Inteno - http://www.intenogroup.com/Products.aspx
