Spawn

Administrator
Verified
Staff member
Newfound Router Flaw Lets Hackers Control Home Internet Connections

"F-Secure researchers have uncovered a critical vulnerability in some models of Inteno home routers that, if exploited, is severe enough to allow an attacker complete control over the victim device and the Internet traffic traveling through it. The finding highlights the security challenges plaguing consumer routers.

The vulnerability allows an attacker to install their own firmware to the device, which would still work as before, but with back doors and other unwanted features. An attacker exploiting the flaw would be able to listen in on unencrypted traffic going through the router, not just device-to-internet, but device-to-device inside the home; as well as manipulate the victim's browsing sessions by redirecting to malicious sites.

Researchers say this case is just the tip of the iceberg when it comes to router security issues. And while the need for computer security is well understood, consumers are often unaware that a router is just as vulnerable.

"It's ridiculous how insecure the devices we're sold are. We and other security companies are finding vulnerabilities in these devices all the time. The firmware used in routers and Internet of Things devices is neglected by manufacturers and their customers – by everyone except hackers, who use the vulnerabilities to hijack Internet traffic, steal information, and spread malware."

- Janne Kauhanen, Helsinki, Finland – September 2, 2016​

The flaw, while severe, is not immediately exploitable. An attacker would need to have already achieved a privileged network position between the router and the point of entry of the internet. Affected devices are Inteno EG500, FG101, DG201, and possibly others."

Inteno - http://www.intenogroup.com/Products.aspx
 

Solarquest

Level 33
Verified
Staff member
Malware Hunter
Thank you for sharing!
I complete agree with "It's ridiculous how insecure the devices we're sold are. "...again I just wonder why nobody (public institution as private) already sued these company when the firmware is so buggy and bad coded.

What does this in reality mean" An attacker would need to have already achieved a privileged network position between the router and the point of entry of the internet. "?
 

_CyberGhosT_

Level 53
Verified
Trusted
Content Creator
Agreed, and I think if products were featured based of level of security rather than what cool thing it can do, the market would switch focus.
Don't hold your breath waiting for that to happen though.
Cool share Huracan :)