Here’s another piece of news that could come as a shock to those who think internet security is easy and that installing programs like antivirus software, a firewall, etc. gives total security. A new report describes a vulnerability, a router flaw, which could let cyber-criminals take control of home internet connections.
Researchers at F-Secure, the Helsinki-based security firm, have discovered a critical flaw in home routers of a particular brand which, if exploited by a cyber-criminal, could give him complete control over a person’s device and the internet traffic traveling through it. Some models of Inteno routers have this flaw, which could let remote hackers hijack and monitor your home internet connection.
How it works
A release from F-Secure explains the flaw: “The vulnerability allows an attacker to install their own firmware to the device, which would still work as before, but with back doors and other unwanted features. An attacker exploiting the flaw would be able to listen in on unencrypted traffic going through the router, not just device-to-internet, but device-to-device inside the home; as well as manipulate the victim’s browsing sessions by redirecting to malicious sites.”
The release quotes F-Secure cyber-security expert Janne Kauhanen, who says that although the hacker may not be able to see HTTPS-secured traffic, he would be able to redirect all of the victim’s traffic to malicious sites and thus get the system or home internet network infected with malware. Janne Kauhanen is quoted as saying: “By changing the firmware, the attacker can change any and all rules of the router…Watching video content you’re storing on another computer? So is the attacker. Updating another device through the router? Hopefully it’s not vulnerable like this, or they’ll own that too. Of course, HTTPS traffic is encrypted, so the attacker won’t see that as easily. But they can still redirect all your traffic to malicious sites that enable them to drop malware on your machine.”
The F-Secure release also says: “The router type in question typically receives firmware updates from a server associated with the user’s internet service provider (ISP). But problematically, the vulnerable routers make no effort to confirm the update is valid and comes from the right place. An attacker who has already gained access to the traffic between the home router and the ISP’s update server (for example, by accessing an apartment building’s network distribution trunk) can set up his own update server. He could then apply a malicious firmware update.”
It is also explained that the flaw, though severe, is not immediately exploitable. To make this attack work, the hacker would first have to achieve “a privileged network position between the router and the point of entry of the internet.”
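The missing check described above, shown as an added example (not code from F-Secure, Inteno or any ISP): an update routine that flashes whatever it receives, beside one that first verifies a signature against a pinned vendor key. The signature scheme (RSA PKCS#1 v1.5 with SHA-256), the demo key and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed demo key (NOT secure): product of two Mersenne primes, so the
# example needs no crypto library. A real device pins the vendor's public key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
K = (N.bit_length() + 7) // 8            # modulus length in bytes
# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(image: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(image), K bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def vendor_sign(image: bytes) -> bytes:
    """Build-server side: uses the private exponent, which is never shipped."""
    d = pow(E, -1, (P - 1) * (Q - 1))
    return pow(int.from_bytes(encode(image), "big"), d, N).to_bytes(K, "big")

def verify(image: bytes, sig: bytes) -> bool:
    """Device side: needs only the pinned public key (N, E)."""
    if len(sig) != K or int.from_bytes(sig, "big") >= N:
        return False
    recovered = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return recovered == encode(image)    # compare the full encoding, no parsing

def apply_update_unchecked(image: bytes, sig: bytes) -> str:
    """Behaviour the article describes: whatever the server sends is flashed."""
    return "flashed"

def apply_update_checked(image: bytes, sig: bytes) -> str:
    """Hardened: refuse any image the pinned key does not vouch for."""
    return "flashed" if verify(image, sig) else "rejected"

if __name__ == "__main__":
    good = b"constructed-firmware-v2"             # constructed sample image
    rogue = b"constructed-firmware-with-backdoor" # constructed sample image
    sig = vendor_sign(good)
    print("unchecked, rogue image:", apply_update_unchecked(rogue, sig))
    print("checked, rogue image:  ", apply_update_checked(rogue, sig))
    print("checked, vendor image: ", apply_update_checked(good, sig))
```

Because the check depends on a key stored on the device and not on which server answered, an image served from a substitute update server is rejected even when the attacker controls the network path.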
How to minimize damages
There are some internet security practices that could help consumers mitigate the damage if they become victims of such an attack. These include keeping your web browsers and other software updated, using reliable internet security software and using a secure VPN to encrypt internet traffic.
Above all, security measures such as having antivirus software installed on your device, doing transactions only over SSL-encrypted websites, and having a firewall installed are always advisable.