Many SOHO routers vulnerable

All thirteen routers can be taken over from the local network, and eleven of them can also be taken over from the WAN. Router security is an issue that has not been given adequate consideration, suggests the report, since few users have the understanding necessary to secure their routers. Routers are usually provided by the consumers’ ISP, and most customers simply accept them and assume – since they are provided by the ISP – that they are secure. However, once a router is breached, the attacker is able to listen to all traffic between the user and the internet, whether that is with a friend, a business partner or a bank.

“We define a critical security vulnerability in a router,” wrote Independent Security Evaluators (ISE) in its report this week, “as one that allows a remote attacker to take full control of the router's configuration settings, or one that allows a local attacker to bypass authentication and take control. This control allows an attacker to intercept and modify network traffic as it enters and leaves the network.”

Eight of the affected routers are provided by Linksys, Belkin, Netgear, TP-Link, Verizon and D-Link. The remaining five have not yet been named, presumably because the manufacturers are yet to patch the products.

One of the problems with router vulnerabilities is that any compromise multiplies the damage. While a PC compromise usually only affects the single PC and its user, a router vulnerability can potentially affect every computer and every user that uses it to access the internet, including a child’s PC at home, all students in a school or university, or everyone in the office. It also has the potential to compromise the sites visited by those computers.

Problems include “sniffing and rerouting all non-SSL protected traffic, poisoning DNS resolvers, performing denial of service attacks, or impersonating servers. Worse still,” warns ISE, “is that these routers are also firewalls, and often represent the first (and last) line of defense for protecting the local network. Once compromised, the adversary has unfettered access to exploit the vulnerabilities of local area hosts that would be otherwise unreachable if the router were enforcing firewall rules as intended.”

Unfortunately, adds the report, there is little the average end-user can do to mitigate such attacks, since doing so requires a level of know-how beyond that of most likely victims. It does, however, offer the following advice: don’t ignore software warnings of potential man-in-the-middle attacks; be careful not to follow email links, especially ones directed to what could be a SOHO networking device (such as 192.168.2.1); and above all, “Be diligent, and browse safely.”
