It would be heartening to think that cybersecurity has advanced since the 1990s, but some things never change. Vulnerabilities that some of us first saw in 1996 are still with us.
If you don’t believe me, just take a look at the news. Last month, Virginia-based cybersecurity firm GRIMM announced that they had found a vulnerability that affects many Netgear home WiFi routers. The cause? Outdated firmware that allows remote users to access the administrative systems in these routers.
If you think this exploit sounds like a 1990s-standard input overflow flaw, well done. That’s exactly what it is. As Nichols put it in his very detailed blog post: “1996 called, they want their vulnerability back.”
Unfortunately, these kinds of vulnerabilities are all too common. In just the last year, we reported on the VPNfilter botnet’s compromise of 500,000 routers, the fact that Virgin media users were the target of a huge hack, and the rise of new and efficient WiFi phishing attacks that are still remarkably effective.
The primary vulnerability identified in these reports relates to a “feature” of NetGear routers called variously “Web Services Management” or “Remote Management.” The problem, as is so often the case with home Wi-Fi routers, lies in the web server built into the router’s firmware. The web server runs the web-based administrative interface on which router owners authenticate themselves with their administrative passwords.
Initially, it was thought that locking down the administrative privileges of these routers would make them secure. But then Lawrence Abrams at Bleeping Computer pointed out that a DNS rebinding attack could leave them vulnerable. By inputting a specific text string on two different models, researchers found that they could put the routers into update mode, bypassing the login process for the Netgear administrative (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/featured/cybercriminals-infiltrating-netgear-routers/