A flaw has been discovered in some models of Inteno home routers that could give the attacker complete access to the entire home network and the traffic that passes through it.
Another instance of home routers’ weak security standards has been discovered as F-Secure researchers have found a glaring vulnerability in some of Inteno home routers. According to the researchers at F-Secure, exploiting these vulnerabilities could easily allow the hacker to take complete control over the router, and thereby give him complete access over the traffic that flows through it.
Exploiting the vulnerability allows the attacker to install his or her own firmware on the Inteno home router. The router would work just as it worked before, but would be full of backdoors and unwanted features which the users would be unaware of. The attacker would be able to listen in on any unencrypted traffic passing through the router.
This means that not only will they be able to view the communication between the network and the internet but also between different devices connected to the network. The researchers also say that the attackers could manipulate the user’s browsing as well by redirecting them to malicious pages.
Although it is believed that the attackers won’t be able to snoop the HTTPS traffic easily, given its sound encryption, the fact still remains that users can be redirected to malicious pages and sites where malware could be downloaded on the user’s device.
The attacker will be able to control and manipulate every facet of the router’s functioning and tweak it to his or her own amusement. If the user’s devices are not well protected, then the attacker could gain access to it as well. This is most simple if the user uses the router to update a device which is not protected as well as it should be.
The researchers go on to say that although this vulnerability is so simple to exploit, it could cause a lot of problems to the user. To exploit it, the attacker would need to be positioned strategically between the router and the point of entry of the internet. If placed so, they can exploit this vulnerability to install malicious firmware and do whatever to the victim’s router and other devices connected to it. There is no way to protect the models EG500, FG101, DG202, and perhaps some others, from this vulnerability.
This discovery highlights just how careless security companies still are when it comes to providing users with secure devices. The level of protection offered to them is close to nothing, which only makes the task of the attacker all the more simple.