Hackers come through home routers

by Alice Woods - -
Hackers come through home routers

Our personal information on the internet wouldn‘t be so personal without the help of ethical hackers and security researches, who are constantly working to find as many security flaws as possible. And, thanks to vpnMentor researchers, one more was found in most of already-sold gigabit-capable passive optical network (GPON) home routers.

GPON system is being used by more than 1 million people from all around the world today. In order to make sure that all of these users are safe, the researchers remotely “attacked” and tested many home routers from different places and found out that pretty easily, all of them can be accessed by anyone – all types of authentication can be bypassed even without any special software[1]. That is the vulnerability number one (CVE-2018-10561).

To have a clearer view of this problem – vpnMentor said that with a very little effort they even were able to execute commands on affected devices.

So, there were two different vulnerabilities in this GPON firmware, but the main problem was caused by the combination of these flaws. It granted a full control of affected devices and networks[2].

The first vulnerability had a full access to the authentication of the device. So, as you already guessed, it just revealed all authentication for all of those who wanted.

To be more precise, this bug lets bots remotely access gateways. And in that case, these gateways can join to botnet-vulnerable devices, which are not able to predict even the highest risk of DDoS attacks.

Moreover, hacked GPON systems are extremely dangerous because of its high-speed broadband connections. Control of affected devices can be taken over by a bot master, which forms a huge botnet. And it is easily powerful enough to generate massive denial-of-service (DDoS) attacks against internet users from all around the globe[3].

 

 

About the author

Alice Woods
Alice Woods - Antivirus software analyst

Alice Woods is an anti-malware analyst at Reviewedbypro.com. She is passionate about testing new pieces of software and discovering pros and cons of each program.

Contact Alice Woods
About the company Esolutions

References



Ask
now online
news
Subscribe
Privacy
Security
Recovery
Utilities
Like us on Facebook