Researchers at F-Secure, the Finnish cybersecurity and data privacy corporation, have claimed in recent news that some models of the popular residential gateway routers manufactured by Inteno are vulnerable to cyber-attack.
F-Secure believes that the affected models, EG500, FG101 and DG201, are at risk from remote attacks which allow firmware to be installed on the device, unbeknownst to the user. Such software would allow attackers to assume complete control of the router and to monitor, track and steal all data sent via the device. This is a serious claim and affects thousands of users who have these routers installed at home.
The news is bad press for the manufacturer, Inteno. F-Secure claims to have contacted the company about the issue over seven months ago and to have been given an unsatisfactory response which eschewed responsibility, claiming that ‘operators’ who sold the devices were responsible for software issues.
Inteno's statement, issued over two months after the warning was received from F-Secure, stated:
“Operators that sell the CPE to end users or run their services over it should request update from Inteno. Inteno do not do end user sales on CPE, we sell through operators so such software features are directed through operator’s requests.”
The vulnerability lies in the fact that the affected router models do not validate the Auto Configuration Server certificate, which allows anyone who launches a Man in the Middle (MitM) attack to intercept any and all traffic being processed through the router.
It goes without saying that such a flaw poses a significant threat to data security for those households and small businesses that it affects. Any information being driven through the router is instantly available to criminal scrutiny. Whilst HTTPS traffic is less easy to access, there is no doubting the seriousness of the potential threat to users. Access to higher level infiltration is harder than just exploiting the known vulnerability, and hackers would need to gain a privileged network position before being able to launch malware attacks. However, criminals who have the knowledge to gain access via an MitM attack will usually be intent on deploying such a strategy.
Users are redirected to malicious sites via the use of malware, and sensitive and/or confidential data is extracted without the need to resort to cracking into HTTPS files.
The extent of the problem is being downplayed. Although there is talk of some kind of fix being available (this has yet to be confirmed and verified by independent sources), the threat remains very real. Users who could be affected are encouraged to ensure that their anti-virus software is up to date, that all software used to access an internet connection is current, and to use a VPN to encrypt traffic over the internet to prevent any access via a MitM attack.