Many Home Routers Vulnerable to Attack: Report

Spider

Administrator
Staff member
Mar 24, 2011
15,781
1,812
by Brandon Dimmel on 20130422 @ 01:20PM EST |

Do you use a Linksys, Netgear, Verizon, D-Link, or Belkin router for your home network? Then your network could be vulnerable to attack.

Baltimore, Maryland-based security consultancy firm Independent Security Evaluators (ISE) says that in a test of popular home routers most were vulnerable to attack by hackers.

ISE put routers from Linksys, Netgear, Verizon, D-Link, and Belkin to the test after having installed each firm's latest firmware updates. ISE also left each router's default configurations in place when carrying out their tests.

Hackers Intercept Sensitive Information

ISE found that many of the routers were vulnerable to a "man-in-the-middle" attack. (Source: pcworld.com)

As the name suggests, this type of attack involves a hacker intercepting messages without detection, meaning the communicating parties continue to exchange information without any awareness that their security has been compromised.

In a successful man-in-the-middle attack, the hacker can perform a number of malicious acts, such as manipulating domain name server (DNS) settings and carrying out distributed denial-of-service (DDoS) attacks.

In many cases the routers studied by ISE required the hacker possess advanced hacking skills in order to bypass a network's security.

However, the firm found that at least two routers from Belkin, the N300 and the N900, could be attacked by a hacker not in possession of authentication credentials.

In most cases, to bypass security, the hacker would have to convince a victim to click on links designed to infect the network with a malicious program.

Experts Advise Users to Change Default Passwords

Every single one of the tested routers was vulnerable to attack if the hacker accessed the network using login credentials.

Sound obvious? Not necessarily.

Many routers simply use WPA and WEP passwords visibly attached to the device. If a hacker could see passwords or acquire a list of passwords, they could use that information to access a network.

That's why it's worth changing your router's default password after you buy it. (Source: digitaltrends.com)

Another problem, according to ISE: in order to make a router truly secure against attack, a user must have an advanced knowledge of network equipment.

"Successful mitigation often requires a level of sophistication and skill beyond that of the average user," ISE noted in its report. (Source: pcworld.com)

ISE says it has contacted Linksys, Netgear, Verizon, D-Link, and Belkin, and says that several of these firms are actively working to eliminate the vulnerabilities.
 
Back
Top