Security researchers are warning users regarding new critical vulnerabilities in Inteno routers, which could allow remote attackers to replace the firmware on a device to take complete control over it and monitor the internet traffic.
According to F-Secure, the issue affects the Inteno EG500, FG101, DG201 routers. However, more models could be affected, but it couldn’t be sure due to the vendor’s unwillingness to cooperate.
F-Measure claimed the issue in January but, when the vendor replied two months later it argued that software issues are dealt with the operators that sell the equipment to the end users.
The vulnerability itself is associated with the fact that several router models don’t validate the Auto Configuration Server (ACS) certificates. This means that it will allow an attacker to launch Man in the Middle (MITM) attack between ACS and the device and gain full administrative access to the router, allowing them to refresh the firmware.
The implications of such a flaw are potentially serious, according to F-Secure cyber security expert, Janne Kauhanen. He warned:
“By changing the firmware, the attacker can change any and all rules of the router. Watching video content you’re storing on another computer? So is the attacker. Updating another device through the router? Hopefully it’s not vulnerable like this, or they’ll own that too”.
Although, HTTPS traffic is encrypted and won’t be beneficial if hacked by the attacker, but they can still redirect all your traffic to malicious sites that enable them to drop malware on your machine.
However, if HTTPS is not implemented and the attacker is able to launch Man in the Middle attack, then there is no way left to prevent a successful exploitation. Janne Kauhanen told Infosecurity:
“Gaining a MitM position is not trivial, but it’s not outside the realm of possibilities either, whether physically attacking a whole building by breaking into the distribution trunk in the building or using software tricks to route network traffic through a malicious site”.
F-Secure recommended users to keep browsers and other software updated to prevent hackers exploiting any flaws. The use of effective and well known antivirus software is suggested to prevent any malware downloads and to use a VPN to encrypt internet traffic and prevent hackers gaining that initial foothold into the network.