Thu, Apr 27, 2017 | updated 06:49 AM IST

Newfound Router Flaw lets hackers control 'Home Internet Connections'

Updated: Sep 02, 2016 14:07 IST      
Newfound Router Flaw lets hackers control 'Home Internet Connections'

New Delhi [India], Sep 2 (ANI): F-Secure researchers have uncovered a critical vulnerability in some models of Inteno home routers that, if exploited, is severe enough to allow an attacker complete control over the victim device and the Internet traffic traveling through it. The finding highlights the security challenges plaguing consumer routers.

The vulnerability allows an attacker to install their own firmware to the device, which would still work as before, but with back doors and other unwanted features. An attacker exploiting the flaw would be able to listen in on unencrypted traffic going through the router, not just device-to-internet, but device-to-device inside the home; as well as manipulate the victim's browsing sessions by redirecting to malicious sites.

"By changing the firmware, the attacker can change any and all rules of the router," said Janne Kauhanen, cyber security expert at F-Secure.

"Watching video content you're storing on another computer? So is the attacker. Updating another device through the router? Hopefully it's not vulnerable like this, or they'll own that too. Of course, HTTPS traffic is encrypted, so the attacker won't see that as easily. But they can still redirect all your traffic to malicious sites that enable them to drop malware on your machine," he added.

The router type in question typically receives firmware updates from a server associated with the user's internet service provider (ISP). But problematically, the vulnerable routers make no effort to confirm the update is valid and comes from the right place.

An attacker who has already gained access to the traffic between the home router and the ISP's update server (for example, by accessing an apartment building's network distribution trunk) can set up his own update server. He could then apply a malicious firmware update.

Researchers say this case is just the tip of the iceberg when it comes to router security issues. And while the need for computer security is well understood, consumers are often unaware that a router is just as vulnerable.

"It's ridiculous how insecure the devices we're sold are," says Kauhanen.

"We and other security companies are finding vulnerabilities in these devices all the time. The firmware used in routers and Internet of Things devices is neglected by manufacturers and their customers - by everyone except hackers, who use the vulnerabilities to hijack Internet traffic, steal information, and spread malware," he added.

The flaw, while severe, is not immediately exploitable. An attacker would need to have already achieved a privileged network position between the router and the point of entry of the internet. Affected devices are Inteno EG500, FG101, DG201, and possibly others.

According to Harry Sintonen, the F-Secure senior security consultant who found the vulnerability, there is no way for a consumer to prevent their router getting exploited, short of replacing it with a new router without this particular vulnerability, or by installing the firmware that fixes the issue once it is available.

However, he points out that replacing the router is problematic advice. "As vulnerabilities in consumer DSL equipment are extremely common, it could well be that the device switch only leads to an even worse security situation," he says.

By following the usual security best practices, however, consumers can mitigate damages should their router become a victim of attack.

Keep browsers and other software updated to prevent hackers exploiting security flaws in old software.

Use reliable internet security software such as F-Secure SAFE that stays constantly updated, to prevent a hacker from dropping malware.

Use a VPN such as F-Secure Freedome to encrypt internet traffic even if the router was hacked, encryption would prevent an attacker from spying. (ANI)

New Delhi [India], Apr 26 (ANI): Tata Motors have announced readiness of SCR (Selective Catalytic Reduction) and EGR (Exhaust Gas Recirculation) technologies for BSIV compliant engines, powering its range of commercial vehicles.

Full Story >>

HCL Infosystems becomes Oracle platinum level partner

Updated: Apr 26, 2017 15:35 IST     

New Delhi [India], Apr 26 (ANI): HCL Infosystems Ltd. on Wednesday announced that it has achieved the Oracle Platinum Partner status in Oracle Partner Network (OPN).

Full Story >>

Ericsson, MTS evaluates radio network features

Updated: Apr 26, 2017 15:04 IST     

New Delhi [India], Apr 26 (ANI): Ericsson and MTS, the largest mobile operator in Russia on Wednesday built a prototype 5G network and completed a successful test of new radio network features.

Full Story >>

New Delhi [India], Apr 26 (ANI): UCWeb has outlined detailed guidelines for writers and content creators to join the 'Super 1000' Program launched in March 2017.

Full Story >>

New Delhi [India], Apr 25 (ANI): SaaS cloud platform to manage hotels sales, revenue, operations and online reputation DJUBO on Tuesday announced a rapid adoption among hoteliers with a four-fold increase in its revenues, doubling occupancy, boosting ARRs by over 50 percent, and more.

Full Story >>

New Delhi [India], Apr 25 (ANI): Mobile application that allows users to personalize conversation in real-time on any platform Bobble Keyboard on Tuesday announced that it has partnered with Zen Mobile.

Full Story >>

Google's new features empower Indian language consumer base

Updated: Apr 25, 2017 14:13 IST     

New Delhi [India], Apr 25 (ANI): Aiming to cater to the needs of one and all, Google on Tuesday announced the launch of a range of new features to empower Indian language users to adapt to latest technology within the comfort zone provided by the language of their choice.

Full Story >>

New Delhi [India], Apr 24 (ANI): Accenture on Monday announced the launch of its new platform for automated, analytics-driven software testing, after successfully completing pilots with 10 clients around the world.

Full Story >>

HTC announces VIVE product launch in India

Updated: Apr 22, 2017 12:23 IST     

New Delhi [India], Apr 22 (ANI-NewsVoir): Pioneer in innovative, smart mobile and virtual reality technologies HTC Corporation has announced the launch of their virtual reality system, HTC VIVE™ making it the first complete VR system available to customers in the India market. VIVE will be available exclusively on Amazon.in via pre-order from April 22nd, 2017.

Full Story >>

Google marks Earth Day with its Doodle

Updated: Apr 22, 2017 08:59 IST     

New Delhi [India], Apr. 22 (ANI): The Earth is more than 4.543 billion years old, home to more than 8.7 million species, and still the only known planet in the universe known to harbour life, reads Google's blog today.

Full Story >>

Softbank to deploy Ericsson Radio Dot System across Japan

Updated: Apr 22, 2017 02:09 IST     

New Delhi [India], Apr 22 (ANI): Following more than two years of verification and testing, SoftBank Corp., a subsidiary of SoftBank Group Corp. on Friday announced its decision to deploy the Ericsson Radio Dot System across Japan to deliver premium indoor connectivity to its subscribers.

Full Story >>

New Delhi [India], Apr 21 (ANI): The mobile division of Magicon Impex Jivi Mobiles on Friday announced its portfolio expansion of feature phones as it launched 'Sumo T3000' at Rs. 1490 in India.

Full Story >>

Televisa selects Ericsson for HD delivery

Updated: Apr 21, 2017 18:45 IST     

New Delhi [India], Apr 21 (ANI): Ericsson on Friday announced implementation of a new end-to-end primary distribution system for Televisa, Mexico's leading broadcaster and content provider.

Full Story >>

New Delhi [India], Apr 21 (ANI): OMA Emirates Group UAE's leading payments solutions company on Friday introduced Mobility - a comprehensive range of Smart mPoS terminals in India.

Full Story >>

Hubhopper app adjudged Problem Solver for 2017

Updated: Apr 21, 2017 15:09 IST     

New Delhi [India], April 21 (ANI): Hubhopper, one of India's leading social content aggregation, discovery and publishing platforms has been adjudged 'Problem Solver of the year' by TiE and Exhibit and ranked second amongst the Hottest 100 Start-ups in India.

Full Story >>

Bobble Keyboard partners with Gionee India for growth

Updated: Apr 20, 2017 13:49 IST     

New Delhi [India], Apr 20 (ANI): Mobile application that allows users to personalize conversation in real-time on any platform Bobble Keyboard has announced that it has partnered with Gionee India.

Full Story >>

ZOWIE announces association with ESL India Premiership 2017

Updated: Apr 20, 2017 13:29 IST     

New Delhi [India], Apr 20 (ANI): BenQ ZOWIE, a leading innovator of professional gaming gear and monitors, announced today its association with ESL India Premiership 2017, the second edition of the biggest esports event in the country.

Full Story >>

New Delhi [India], Apr 20 (ANI): While people claim to value their memories more than any other form of data stored on their digital devices, they are happy to sell them for little money, research by Kaspersky Lab shows.

Full Story >>

Ericsson partners with Lynk & Co to enhance car connectivity

Updated: Apr 20, 2017 07:10 IST     

New Delhi [India], Apr 20 (ANI): Communications technology and services leader Ericsson on Wednesday partnered with Lynk & Co, the world's 'most connected car' to enhance the future of car connectivity.

Full Story >>

New Delhi [India], Apr 19 (ANI): India's first 100 percent fibre broadband service provider Spectranet on Wednesday announced the launch of its world-class internet services in Noida.

Full Story >>