Sat, Feb 25, 2017 | updated 02:37 PM IST

Newfound Router Flaw lets hackers control 'Home Internet Connections'

Updated: Sep 02, 2016 14:07 IST

New Delhi [India], Sep 2 (ANI): F-Secure researchers have uncovered a critical vulnerability in some models of Inteno home routers that, if exploited, is severe enough to allow an attacker complete control over the victim device and the Internet traffic traveling through it. The finding highlights the security challenges plaguing consumer routers.

The vulnerability allows an attacker to install their own firmware to the device, which would still work as before, but with back doors and other unwanted features. An attacker exploiting the flaw would be able to listen in on unencrypted traffic going through the router, not just device-to-internet, but device-to-device inside the home; as well as manipulate the victim's browsing sessions by redirecting to malicious sites.

"By changing the firmware, the attacker can change any and all rules of the router," said Janne Kauhanen, cyber security expert at F-Secure.

"Watching video content you're storing on another computer? So is the attacker. Updating another device through the router? Hopefully it's not vulnerable like this, or they'll own that too. Of course, HTTPS traffic is encrypted, so the attacker won't see that as easily. But they can still redirect all your traffic to malicious sites that enable them to drop malware on your machine," he added.

The router type in question typically receives firmware updates from a server associated with the user's internet service provider (ISP). But problematically, the vulnerable routers make no effort to confirm the update is valid and comes from the right place.

An attacker who has already gained access to the traffic between the home router and the ISP's update server (for example, by accessing an apartment building's network distribution trunk) can set up his own update server. He could then apply a malicious firmware update.

Researchers say this case is just the tip of the iceberg when it comes to router security issues. And while the need for computer security is well understood, consumers are often unaware that a router is just as vulnerable.

"It's ridiculous how insecure the devices we're sold are," says Kauhanen.

"We and other security companies are finding vulnerabilities in these devices all the time. The firmware used in routers and Internet of Things devices is neglected by manufacturers and their customers - by everyone except hackers, who use the vulnerabilities to hijack Internet traffic, steal information, and spread malware," he added.

The flaw, while severe, is not immediately exploitable. An attacker would need to have already achieved a privileged network position between the router and the point of entry of the internet. Affected devices are Inteno EG500, FG101, DG201, and possibly others.

According to Harry Sintonen, the F-Secure senior security consultant who found the vulnerability, there is no way for a consumer to prevent their router getting exploited, short of replacing it with a new router without this particular vulnerability, or by installing the firmware that fixes the issue once it is available.

However, he points out that replacing the router is problematic advice. "As vulnerabilities in consumer DSL equipment are extremely common, it could well be that the device switch only leads to an even worse security situation," he says.

By following the usual security best practices, however, consumers can mitigate damages should their router become a victim of attack.

Keep browsers and other software updated to prevent hackers exploiting security flaws in old software.

Use reliable internet security software such as F-Secure SAFE that stays constantly updated, to prevent a hacker from dropping malware.

Use a VPN such as F-Secure Freedome to encrypt internet traffic even if the router was hacked, encryption would prevent an attacker from spying. (ANI)

New Delhi [India], Feb 24 (ANI): Almost half of all phishing attacks (fraudulent email messages or copycat websites that appear legitimate) registered in 2016 by Kaspersky Lab's heuristic detection technologies, were aimed at stealing their victim's money, according to an analysis of the financial threat landscape by Kaspersky Lab the company's experts.

Full Story >>

WhatsApp's new 'status' feature goes live

Updated: Feb 24, 2017 12:25 IST

New Delhi [India], Feb. 24 (ANI): WhatsApp's on Friday rolled out its new feature 'Status' live across Android, iOS and Windows software wherein the users can upload pictures and videos for their contacts to see, instead of regular text status message.

Full Story >>

New Delhi [India], Feb 24 (ANI): World's leading information technology (IT) association CompTIA has unveiled a groundbreaking, vendor-neutral certification, CompTIA Cyber security Analyst (CSA+), the first of its kind to bring behavioral analytics to the forefront of assessing cyber threats.

Full Story >>

New Delhi [India], Feb. 24 (ANI): Verizon and Ericsson enabled an operational shift of 5G network from technology trials to pre-commercial pilots in the field in multiple cities across United States of America.

Full Story >>

Amsterdam [Netherlands]/Tokyo [Japan], Feb.23 (ANI): ISE 2017, the largest audio-visual and systems integration show, was held recently in Netherlands.

Full Story >>

New Delhi [India], Feb. 23 (ANI): Google has always made sure to celebrate every special affair around the globe.

Full Story >>

Mumbai (Maharashtra) [India], Feb. 22 (ANI): Microsoft's Chief Executive Officer (CEO) Satya Nadella on Wednesday announced the launch of a new skilling tool called 'Project Sangam' for Indian citizens.

Full Story >>

New Delhi [India], Feb 22 (ANI): According to Kaspersky Lab "Spam and phishing in 2016"report, about 20 percent of all spam emails in Q4 2016distributed ransomware Trojans. The Kaspersky Lab spam report also identified the following trends in 2016

Full Story >>

HP launches OMEN gaming portfolio in India

Updated: Feb 22, 2017 15:32 IST

New Delhi [India], Feb. 22 (ANI): HP Inc. launched the debut of its gaming portfolio in India - OMEN by HP, featuring an array of products built for gamers combining the latest in PC innovation, delivering power and performance to dominate competition.

Full Story >>

New Delhi [India], Feb. 22 (ANI): Optical fibre broadband service provider Spectranet on Wednesday announced their next phase of expansion in South India by launching its operations in Bengaluru.

Full Story >>

New Delhi, [India], Feb. 22 (ANI): ADDA GateKeeper, a security management platform for apartment complexes, launched a range of security measures to tighten security in large apartment complexes across most Tier I cities.

Full Story >>

Who controls your car without you knowing?

Updated: Feb 21, 2017 16:43 IST

New Delhi [India], Feb.21 (ANI): Kaspersky Lab researchers have examined the security of applications for the remote control of cars from several famous car manufacturers. As a result, the company's experts have discovered that all of the applications contain a number of security issues that can potentially allow criminals to cause significant damage for connected car owners.

Full Story >>

New Delhi [India], Feb 21 (ANI): World leader in digital security Gemalto is presenting the newest release of its On Demand Connectivity and eSIM technology for Windows 10 devices, in connection with Microsoft.

Full Story >>

New Delhi [India], Feb. 21 (ANI): In lieu of its eighth birthday on February 24, 2017, WhatsApp messenger, the instant messaging platform introduced a new update which is set to revamp the status feature.

Full Story >>

New Delhi [India], Feb 20 (ANI): NEC Corporation has announced that it has completed joint verification trials with NTT DOCOMO, Inc. using Massive Multiple Input Multiple Output (MIMO), a core technology for 5G base stations.

Full Story >>

New Delhi [India], Feb 19 (ANI): SyncNScan is a young company, which was set up by ex-Microsoft leaders and they were pioneers in introducing anti-virus for mobile devices.

Full Story >>

New Delhi [India], Feb. 17 (ANI): Ericsson introduced a 5G platform for the needs of the first movers in 5G. Communications are rapidly moving toward data-heavy applications like Virtual Reality and Augmented Reality everywhere.

Full Story >>

New Delhi [India], Feb. 17 (ANI): Aeris Communications' 'AerCloud' is an IoT cloud platform for collecting, managing and analysing sensor data for Internet of Things (IoT) and machine-to-machine (M2M) applications.

Full Story >>

New Delhi [India], Feb. 17 (ANI): Oracle India on Thursday announced that Oracle Management Cloud service has provided Indian companies with smarter insights and swifter action, thereby eliminating slow transactions.

Full Story >>

New Delhi [India], Feb 16 (ANI): LeEco, the internet and technology conglomerate's second generation Superphones Le2 (3+32) and Le Max2 to be a star attraction on popular e-commerce platform, Snapdeal during their Exchange Offer Days between February 16 to 18.

Full Story >>