Sun, Jul 23, 2017 | updated 06:09 PM IST

Newfound Router Flaw lets hackers control 'Home Internet Connections'

Updated: Sep 02, 2016 14:07 IST      
Newfound Router Flaw lets hackers control 'Home Internet Connections'

New Delhi [India], Sep 2 (ANI): F-Secure researchers have uncovered a critical vulnerability in some models of Inteno home routers that, if exploited, is severe enough to allow an attacker complete control over the victim device and the Internet traffic traveling through it. The finding highlights the security challenges plaguing consumer routers.

The vulnerability allows an attacker to install their own firmware to the device, which would still work as before, but with back doors and other unwanted features. An attacker exploiting the flaw would be able to listen in on unencrypted traffic going through the router, not just device-to-internet, but device-to-device inside the home; as well as manipulate the victim's browsing sessions by redirecting to malicious sites.

"By changing the firmware, the attacker can change any and all rules of the router," said Janne Kauhanen, cyber security expert at F-Secure.

"Watching video content you're storing on another computer? So is the attacker. Updating another device through the router? Hopefully it's not vulnerable like this, or they'll own that too. Of course, HTTPS traffic is encrypted, so the attacker won't see that as easily. But they can still redirect all your traffic to malicious sites that enable them to drop malware on your machine," he added.

The router type in question typically receives firmware updates from a server associated with the user's internet service provider (ISP). But problematically, the vulnerable routers make no effort to confirm the update is valid and comes from the right place.

An attacker who has already gained access to the traffic between the home router and the ISP's update server (for example, by accessing an apartment building's network distribution trunk) can set up his own update server. He could then apply a malicious firmware update.

Researchers say this case is just the tip of the iceberg when it comes to router security issues. And while the need for computer security is well understood, consumers are often unaware that a router is just as vulnerable.

"It's ridiculous how insecure the devices we're sold are," says Kauhanen.

"We and other security companies are finding vulnerabilities in these devices all the time. The firmware used in routers and Internet of Things devices is neglected by manufacturers and their customers - by everyone except hackers, who use the vulnerabilities to hijack Internet traffic, steal information, and spread malware," he added.

The flaw, while severe, is not immediately exploitable. An attacker would need to have already achieved a privileged network position between the router and the point of entry of the internet. Affected devices are Inteno EG500, FG101, DG201, and possibly others.

According to Harry Sintonen, the F-Secure senior security consultant who found the vulnerability, there is no way for a consumer to prevent their router getting exploited, short of replacing it with a new router without this particular vulnerability, or by installing the firmware that fixes the issue once it is available.

However, he points out that replacing the router is problematic advice. "As vulnerabilities in consumer DSL equipment are extremely common, it could well be that the device switch only leads to an even worse security situation," he says.

By following the usual security best practices, however, consumers can mitigate damages should their router become a victim of attack.

Keep browsers and other software updated to prevent hackers exploiting security flaws in old software.

Use reliable internet security software such as F-Secure SAFE that stays constantly updated, to prevent a hacker from dropping malware.

Use a VPN such as F-Secure Freedome to encrypt internet traffic even if the router was hacked, encryption would prevent an attacker from spying. (ANI)

New Delhi [India], July 22 (ANI): With the monsoon going on, the threat of dengue is looming large and people are adopting all types of measures to ward off mosquitoes. Every year, as the monsoon begins to wane, it stirs up an old scourge: dengue fever.

Full Story >>

Osaka [Japan], July 22 (ANI): Kyocera Document Solutions Inc. has announced that seven of its products were awarded the "Summer 2017 Pick" commendations from Buyers Lab (BLI), a global printing product testing provider.

Full Story >>

New Delhi [India], July 21 (ANI): Global cyber-security company Kaspersky Lab has seen one man's mission grow into a global crusade against cybercrime. With innovation and vision at its heart, this year will see Kaspersky Lab take its fight to new heights - launching key initiatives such as the adaptive Kaspersky Security Cloud and the Kaspersky OS - to empower businesses and consumers to protect themselves from ever-evolving threats.

Full Story >>

New Delhi [India], July 21 (ANI): Intel on Friday launched the Movidius Neural Compute Stick, a USB-based deep learning inference kit and self-contained artificial intelligence (AI) accelerator that delivers dedicated deep neural network processing capabilities to a wide range of host devices at the edge.

Full Story >>

New Delhi [India], July 21 (ANI): World leader in digital security Gemalto has announced delivering of flexible connectivity for Lenovo smart devices across 160 countries.

Full Story >>

James Dyson award takes place for first time in India

Updated: Jul 20, 2017 20:20 IST     

New Delhi [India], July 20 (ANI): Dyson, a British technology company, launched its globally renowned James Dyson Award in India for the first time this year.

Full Story >>

New Delhi [India], July 20 (ANI): Casio Computer Co., Ltd. has announced the launch of MP-12R, a calculator with a Remainder Calculation function designed to be useful for warehouse operations.

Full Story >>

New Delhi [India], July 20 (ANI): Truecaller on Thursday rolled out its newest update for Android 8.21 with interface changes for easier access to spam inbox.

Full Story >>

Protect your gadgets in Monsoon!

Updated: Jul 20, 2017 14:02 IST     

New Delhi [India], July 20 (ANI): Finally the season to get all drenched is here and with it, is the threat for your gadgets.

Full Story >>

New Delhi [India], July 19 (ANI): Mahindra Comviva on Wednesday announced an update on its payPLUS payment solution, wherein the platform will enable merchants with a unified payment acceptance.

Full Story >>

Casio's Privia PX-870 to recreate grand piano experience

Updated: Jul 19, 2017 17:57 IST     

Tokyo [Japan], July 19 (ANI): Casio Computer Co., Ltd., has announced the release of Privia PX-870, a stylish compact digital piano that recreates the rich and expansive tone of a grand piano with the lid open.

Full Story >>

New Delhi [India], July 19 (ANI): Aiming to further strengthen their hold in the consumer PC market, Lenovo on Wednesday launched an array of future-ready laptops, consisting of ultra-sleek devices offering powerful computing to today's millennials.

Full Story >>

Facebook hires former Uber PR chief as VP of communications

Updated: Jul 19, 2017 02:15 IST     

London [UK], July. 19 (ANI): Facebook has announced that Rachel Whetstone, the former top public relations executive at Uber, is joining the social media giant as vice-president of communications for Instagram, WhatsApp and Messenger.

Full Story >>

London [UK], July 18 (ANI): Marking 'World Emoji Day' celebrations, Apple on Monday launched a new series of emojis, panning across women with a headscarf, bearded men, and even one of a breastfeeding mother!

Full Story >>

Imarticus Learning collaborates with renowned names

Updated: Jul 18, 2017 19:52 IST     

New Delhi [India], July 18 (ANI): With major developments taking place in the edtech space, Imarticus Learning, has collaborated with prominent industry leaders for its new Prodegree courses.

Full Story >>

SPPL launches 'Kodak TV' portable speaker in India

Updated: Jul 18, 2017 17:09 IST     

New Delhi [India], July 18 (ANI): Super Plastronics Pvt. Ltd. (SPPL), a Kodak brand licensee on Monday unveiled its portable speaker, marking the beginning of its venture of creating a complete sound experience.

Full Story >>

New Delhi [India], July 18 (ANI): CogniCor, one of the leading AI-based platforms which offers cognitive virtual assistant solutions, has been ranked fourth amongst the key international chatbot solution providers in the 'Global Chatbots Market Professional Survey Report 2017'.

Full Story >>

New Delhi [India], July 18 (ANI-Businesswire India): Techmagnate, the leading Digital Marketing & Website Designing Company in Delhi, is doubling its Online Reputation Management (ORM) team to meet the growing demand for ORM Services in the domestic and international markets. The agency was recently in the news for having won the Best Places to Work in 2017 award from CEO Magazine. They already have an impressive portfolio of brands, celebrities, politicians, doctors, real estate developers, hospitals, hotels and restaurants that depend upon the agency to protect their reputation. The agency helps its clients build a strong online reputation so they can show themselves in the best light and influence consumer behaviour and purchase decisions.

Full Story >>

Ericsson appointed as connectivity partner of Chelsea FC

Updated: Jul 17, 2017 16:16 IST     

New Delhi [India], July 17 (ANI): Ericsson on Monday was announced as the connectivity partner for Stamford Bridge - Chelsea Football Club's home stadium in Fulham, London. Free Wi-Fi coverage will be provided via the small cell as a service connected venue business model whereby Ericsson designs, builds and operates the network on the customer's behalf.

Full Story >>

Xender ranks among Top 3 apps on Samsung Tizen Store

Updated: Jul 15, 2017 21:38 IST     

New Delhi [India], Jul 15 (ANI): The launch of cost-effective Tizen smartphones by Samsung is already creating waves in India, and is expected to play a significant role in further strengthening its position in the market.

Full Story >>