Researchers at F-Secure have discovered a critical flaw in most models of Inteno home routers. It Is severe enough that if hackers are able to expose it, it would allow them to take complete control over the device and internet traffic going through it. This is yet another prime example of security issues facing ordinary consumers.
It also allows the hacker to install his own firmware, which operates normally, but enables them to install backdoors for later access. Hackers would be able to listen in on all unencrypted traffic travelling through the router. Not only from device to the internet, but device to device inside the home, as well as being able to redirect all web traffic to malicious sites set up by the same hackers.
Janne Kauhanen, a cyber security expert with the firm F-Secure had this to say:
“By changing the firmware, the attacker can change and all rules of the router. Watching video content, you’re storing on another computer? So is the attacker. Updating another device through the router? Hopefully it’s not vulnerable like this, or they’ll own that too. Of course, HTTPS traffic is encrypted, so the attacker won’t see that as easily. But they can still redirect all your traffic to malicious sites that enable them to drop malware on your machine.”
The routers that have been found to be vulnerable, receive regular firmware updates from a website provided by the customer’s ISP, but the routers don’t make any attempt to verify the update to make sure its legitimate and from correct sources. If a hacker already has control of the router, they could easily redirect the update request to anywhere they wanted.
Researchers also said that this is only a small portion of router security issues. The main issue is that consumers are all too familiar with computer security issues, but are often unaware that their router is just as vulnerable to attacks.
Janne Kauhanen talked about this topic as well by saying:
It’s ridiculous how insecure the devices we’re sold are. We, and other security companies are finding vulnerabilities in these devices all the time. The firmware used in routers and Internet of Things devices is neglected by manufacturers and their customers. By everyone except hackers, who use the vulnerabilities to hijack internet traffic, steal information, and spread malware.”
F-Secure’s Senior Security Consultant, Harry Sintonen, said that there is no way for a customer to prevent their router from being exploited, short of replacing it with another router altogether, or by installing firmware to fix the issue, whenever it becomes available.
If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.