Router Archives - IT Security Guru
https://www.itsecurityguru.org/tag/router/
The Site for our Community
Wed, 05 Dec 2018 12:37:03 +0000

Netgear removes crypto keys hard-coded in routers
https://www.itsecurityguru.org/2016/06/14/netgear-removes-crypto-keys-hard-coded-in-routers/?utm_source=rss&utm_medium=rss&utm_campaign=netgear-removes-crypto-keys-hard-coded-in-routers
Tue, 14 Jun 2016 09:23:30 +0000

Qualys security researcher Mandar Jadhav has discovered two serious vulnerabilities in Netgear D6000 and D3600 modem routers, which can be exploited to gain access to the devices and to intercept traffic passing through them.
The vulnerabilities reside in the devices’ firmware, versions 1.0.0.47 and 1.0.0.49.
The first one (CVE-2015-8288) is due to the firmware containing a hard-coded RSA private key and a hard-coded X.509 certificate and key. An attacker that discovers this information can misuse it to gain administrator access to the device, implement man-in-the-middle attacks, or decrypt passively captured packets.
 
Original Source: Help Net Security

Boffin's easy remote hijack hack pops scores of router locks
https://www.itsecurityguru.org/2015/10/12/boffins-easy-remote-hijack-hack-pops-scores-of-router-locks/?utm_source=rss&utm_medium=rss&utm_campaign=boffins-easy-remote-hijack-hack-pops-scores-of-router-locks
Mon, 12 Oct 2015 09:16:26 +0000

Thousands of routers mandated for use by a major Singaporean telco and operated by “top enterprises” around the world are open to a remote zero-day exploit that allows the routers to be completely hijacked and that most users cannot defend against.
Vantage Point Security senior security consultant Lyon Yang does not wish to disclose the name of the affected internet provider but says the ZHONE routers are required for subscribers to be able to connect to the service.
“When the ISP ships the router, it comes with a shitload of vulnerabilities,” Yang told Vulture South ahead of a talk at the Hack in the Box conference this week.
“I quickly found a large number of routers on Shodan from users in different countries — some of the top enterprises use it.”
“The remote hijack vulnerability is really easy to pull off.”
The hack is one of seven vulnerabilities, all patched last week.
 
White Hat Wifatch Malware Infects Thousands
https://www.itsecurityguru.org/2015/10/05/white-hat-wifatch-malware-infects-thousands/?utm_source=rss&utm_medium=rss&utm_campaign=white-hat-wifatch-malware-infects-thousands
Mon, 05 Oct 2015 13:41:01 +0000

In today’s news: A story broke over the weekend about a piece of malware called Wifatch – a router virus that seeks out vulnerable devices and helps secure them!
Described as ethical or vigilante malware, Wifatch is infecting thousands of routers and protecting them from more powerful, well-known kinds of malware. It even tells hardware owners to change their telnet passwords or update their firmware.
Remember, it is an infection and your router is still being hacked – but so far it appears that the people spreading linux/wifatch are not doing anything malicious.
As it infects the devices, Wifatch closes the door behind it, stopping other kinds of malware from using the same exploit. For now, it seems white hat hacking is on the agenda; however, it is possible that the mysterious creators could use the malware for malicious ends further down the line – we’ll have to wait and see.

Borg patches enterprise ASR router DoS hole
https://www.itsecurityguru.org/2015/07/31/borg-patches-enterprise-asr-router-dos-hole/?utm_source=rss&utm_medium=rss&utm_campaign=borg-patches-enterprise-asr-router-dos-hole
Fri, 31 Jul 2015 08:44:32 +0000

Cisco has closed a hole in its ASR 1000 line of enterprise and service provider-grade routers that could trigger denial of service.
Attackers can exploit the hole by crafting a series of packets that cause the routers to reload and cut net services.
The Borg says it has not witnessed attacks in the wild.
“A vulnerability in the code handling the reassembly of fragmented IP version 4 (IPv4) or IP version 6 (IPv6) packets of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a crash of the Embedded Services Processor (ESP) processing the packet,” Cisco says in an advisory.
“The vulnerability is due to improper processing of crafted, fragmented packets.
“An attacker could exploit this vulnerability by sending a crafted sequence of fragmented packets [which] could allow the attacker to cause a reload of the affected platform.”
Admins have no choice other than to patch the hole, rated a severity score of 7.8 for its ease of attack, since workarounds are not known to exist.
 
ITSG News – 1.4m Range Rovers Recalled!
https://www.itsecurityguru.org/2015/07/27/itsg-news-1-4m-range-rovers-recalled/?utm_source=rss&utm_medium=rss&utm_campaign=itsg-news-1-4m-range-rovers-recalled
Mon, 27 Jul 2015 13:31:12 +0000

In today’s news: In one of the biggest automotive payouts to date, Fiat Chrysler are forced to recall 1.4 million cars after hackers highlighted security flaws in the UConnect system.

ITSG News – Routers Enslaved by DDoS Attackers
https://www.itsecurityguru.org/2015/07/06/itsg-news-routers-enslaved-by-ddos-attackers/?utm_source=rss&utm_medium=rss&utm_campaign=itsg-news-routers-enslaved-by-ddos-attackers
Mon, 06 Jul 2015 09:25:35 +0000

Attackers are reportedly carrying out DDoS attacks by using version one of the routing information protocol.

Avast: Routers contain firmware security reminiscent of the 1990s
https://www.itsecurityguru.org/2014/12/08/avast-routers-contain-firmware-security-reminiscent-1990s/?utm_source=rss&utm_medium=rss&utm_campaign=avast-routers-contain-firmware-security-reminiscent-1990s
Mon, 08 Dec 2014 10:56:51 +0000

Around three-quarters of internet-connected households in the UK are at risk of getting attacked through their wireless router.
 
According to a study conducted by Avast Software, more than half of all routers are poorly protected by default or common, easily hacked password combinations such as admin/admin or admin/password, or even admin/<no-password>.
 
The survey of more than 2,000 households in the UK found that 23 per cent of consumers use their address, name, phone number, street name or other easily guessed terms as their passwords.
 
Speaking at an event in London, Ondřej Vlček, COO of Avast, said that many routers are “riddled with security problems” and all have an administrator interface that allows the user to reconfigure the router, which is enabled via a backdoor.
 
He said: “Five to seven years ago people had connections at their home network for their games console, now they have dozens of internet-connected devices including IP and security cameras and heaters and thermostats. It has been growing and steadily fast.
 
“In our study, we found that with the three most common username and password combinations, we were able to get to about 50 per cent of the world’s routers. As well as that, they were able to use easy-to-guess passwords, so in total 75 per cent of routers can be easily accessed by an attacker using a ‘guess’ attack.”
 
He said that as the routers have a CPU and an operating system firmware, the problem is that the firmware is vulnerable to remote code execution attacks. “While modern operating systems we use for PCs and Macs and phones are quite sophisticated, these devices have been completely ignored and are still using the same approach to the evolution of security that they were 20 years ago,” he said.
 
“What this means is that for any attacker with elementary skills, it is really easy to use common vulnerabilities on these routers.”
 
Vince Steckler, chief executive officer of Avast, said: “Today’s router security situation is very reminiscent of PCs in the 1990s, with lax attitudes towards security combined with new vulnerabilities being discovered every day creating an easily exploitable environment. The main difference is people have much more personal information stored on their devices today than they did back then. Consumers need strong yet simple-to-use tools that can prevent attacks before they happen.”
 
According to the survey, less than half of British people strongly believe their home network is secure, despite 88 per cent of wired households in the UK having six or more devices connected to a WiFi network. Also, 15 per cent of respondents reported that they have fallen victim to hackers, while the same amount do not know if they use a solution to protect their home network, while nine per cent are certain that they don’t use one.

Devices and routers now vulnerable to Heartbleed
https://www.itsecurityguru.org/2014/04/16/devices-routers-now-vulnerable-heartbleed/?utm_source=rss&utm_medium=rss&utm_campaign=devices-routers-now-vulnerable-heartbleed
Wed, 16 Apr 2014 11:26:37 +0000

The Heartbleed vulnerability is affecting devices as well as websites, with reports claiming that both routers and mobile devices could be affected by the flaw.
 
According to the Guardian, Cisco has confirmed that a number of its products are vulnerable, including desktop phones, video conferencing hardware and VPN software, while Belkin said that its routers, as well as those of its Linksys subsidiary, while neither Netgear nor BT have spoken publicly about whether or not their devices are vulnerable.
 
Commenting, Russ Spitler, vice president of product strategy at AlienVault, said: “Where you need to be concerned is the machines that you are connecting to that you require to be secure. The infrastructure between the home computer and the website you are trying to establish a secure connection to is of less importance, because they are not responsible for negotiating the secure communication, nor do they ever hold the secrets used to secure the communication. This means our home routers are really of little concern in terms of impact.”
 
Also, according to security analyst Graham Cluley, millions of Android smartphones and tablets are at risk of being attacked, even though only one particular version of the software was at risk: Version 4.1.1 of Jellybean.
 
The Guardian reported that this flaw could affect tens of millions of Android devices worldwide. Google has not disclosed how many devices are vulnerable, particularly with hundreds of millions of handsets in China running Android without Google services.
 
Although only 4.1.1 uses the vulnerable version of OpenSSL, the devices would be vulnerable to “reverse Heartbleed”, where a malicious server would be able to exploit the flaw in OpenSSL to grab data from the phone’s browser, which could include information about past sessions and logins.

Vulnerable routers enable DDoS amplification attacks
https://www.itsecurityguru.org/2014/04/02/vulnerable-routers-enable-ddos-amplification-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=vulnerable-routers-enable-ddos-amplification-attacks
Wed, 02 Apr 2014 21:19:25 +0000

More than 24 million vulnerable home routers are exposing internet service providers to DNS-based amplification attacks.
According to Nominum, in February 2014, over 5.3 million normal home and office routers were secretly used by hackers to generate attack traffic, accounting for 70 per cent of DNS-based DDoS amplification attacks.
A simple attack can create tens of Gbps of traffic to disrupt provider networks, enterprises, websites, and individuals anywhere in the world, according to the company; such attacks require little skill or effort and can have a major impact.
The vulnerabilities in the routers are in the Open Domain Name System Proxy, and mask the target of an attack, so it is difficult for ISPs to determine the ultimate destination and recipient of huge waves of amplified traffic.
Sanjay Kapoor, CMO and SVP of strategy at Nominum, said: “Even if ISPs employ best practices to protect their networks, they can still become victims, thanks to the inherent vulnerability in open DNS proxies. ISPs today need more effective protections built in to DNS servers. Modern DNS servers can precisely target attack traffic without impacting any legitimate DNS traffic.”
According to the Guardian, 800,000 of those routers are based in the UK.
