Vulnerabilities in Home Routers: Potential Threats from Hackers
A vulnerability in millions of home routers was disclosed earlier this month. On August 3rd, Tenable, a cyber exposure company, discovered an authentication-bypass vulnerability affecting both home routers and other Internet of Things (IoT) devices that can be exploited by cybercriminals.
Juniper Threat Labs also reported that cybercriminals can use a variant of the Mirai malware to capitalize on the home router vulnerability. Home routers from at least 20 vendors have already been hijacked recently by attackers using the Mirai malware variant to carry out DDoS attacks. The vulnerability was found to affect home routers from vendors such as ADB, Arcadyan, ASMAX, ASUS, Beeline, British Telecom, Buffalo, Deutsche Telekom, HughesNet, KPN, O2, Orange, Skinny, SparkNZ, Telecom [Argentina], TelMex, Telstra, Telus, Verizon, and Vodafone. These home routers use the Arcadyan firmware, which is vulnerable to the attack.
Researchers at Tenable tracked the security flaw as CVE-2021-20090. A proof of concept (POC) was published by Tenable indicating that cyberattackers can infiltrate a device by activating Telnet on the home router and gain some access to the device. The attacker can then launch a DDoS attack on all devices connected to the home router.
According to Tenable, “Whenever an exploit POC [proof of concept] is published, it often takes them very little time to integrate it into their platform and launch attacks.” The researchers also noted that most organizations do not have policies to patch within a few days, sometimes taking weeks to react. But in the case of IoT devices or home gateways, the situation is much worse as most users are not tech savvy and even those who are do not get informed about potential vulnerabilities and patches to apply.
The Potential Threats Through Mirai Variant
Juniper Networks discovered exploitation of home routers through the Mirai malware. Cybercriminals can change their IP address to one in China and launch an attack on vulnerable routers.
They said, “We have identified some attack patterns that attempt to exploit this vulnerability in the wild coming from an IP address located in Wuhan, Hubei province, China. The attacker seems to be attempting to deploy a Mirai variant on the affected routers.”
An attack on a home router can pose multiple threats to an individual or company. Jake Williams of BreachQuest emphasized the effect of the attack. He said, “A threat actor that compromises a router can run full man-in-the-middle attacks on all traffic passing through it, but the more likely scenario is a threat actor using these devices as part of a botnet, which could be used for distributed vulnerability scanning, exploitation, password guessing, or in the most likely case DDoS.”
According to Williams, a vulnerability in the user interface of a home router could give an attacker login access to the device, potentially allowing them to change settings or add malware. He, however, added that most modern routers do not expose their interface to the public internet.
What is the Mirai Variant?
Mirai is a botnet that targets Internet of Things (IoT) devices, such as home routers, digital video recorders, and internet cameras, and turns them into bots that attack other machines. The self-propagating Mirai botnet is believed to be responsible for over half a million compromised IoT devices that were used to conduct massive DDoS attacks ranging up to 1 Tbps.
Mirai was first spotted in 2016 when hackers unleashed a large-scale attack on the Dyn domain name system (DNS) service. It caused numerous major sites to be down for hours, including Twitter, Amazon, Reddit, and Netflix. The Mirai code was published in November that year, and since then, many different variants have emerged.
Mitigating Potential Attacks
According to researchers, the vulnerability in home routers is found in their firmware. Such vulnerabilities are caused by deficiencies in update policies and in patching by home router vendors, as well as by the firmware's dependence on open source projects for code. Typically, these three critical components of home routers are unsecured, making them an easy target for cybercriminals.
Some home routers run old software and have little or no update policy to address security risks. They also lack patches and updates to resolve identified flaws. This may be due to a lack of funding on the part of the home router manufacturer, which also makes them susceptible to attacks from hackers.
Researchers advised vendors to offer automatic updates to mitigate potential attacks. Juniper said, “The only sure way to remedy this issue is to require vendors to offer zero-down-time automatic updates.”
Users can also update their home router firmware and stay informed on vulnerabilities to avoid compromise of their devices. Furthermore, using a VPN on a home router can also help prevent cyberattacks.
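Because the published proof of concept works by activating Telnet on the router, an unexpected Telnet service on your own router is worth checking for alongside the firmware update. The following Python script is an added example, not code from Tenable or Juniper; the function names and the default gateway address 192.168.1.1 are assumptions to adjust for your network.

```python
import socket

IAC = 0xFF  # Telnet "Interpret As Command" byte (RFC 854)
NEGOTIATION = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}


def parse_negotiation(data: bytes):
    """Return (command, option) pairs for Telnet option negotiation in data."""
    found, i = [], 0
    while i < len(data):
        # A negotiation sequence is exactly three bytes: IAC, command, option.
        if data[i] == IAC and i + 2 < len(data) and data[i + 1] in NEGOTIATION:
            found.append((NEGOTIATION[data[i + 1]], data[i + 2]))
            i += 3
        else:
            i += 1
    return found


def check_telnet(host, port=23, timeout=3.0):
    """Classify a TCP port as closed-or-filtered, open-telnet or open-other."""
    result = {"host": host, "port": port, "state": "closed-or-filtered", "options": []}
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                data = conn.recv(256)  # Telnet daemons usually negotiate first
            except OSError:
                data = b""  # port is open but the service stayed silent
    except OSError:
        return result  # refused, timed out or unreachable
    result["options"] = parse_negotiation(data)
    # "open-other" still deserves a look: something answers on the Telnet port.
    result["state"] = "open-telnet" if result["options"] else "open-other"
    return result


if __name__ == "__main__":
    import sys

    # 192.168.1.1 is an assumed gateway address; pass your router's IP instead.
    for target in sys.argv[1:] or ["192.168.1.1"]:
        print(check_telnet(target))
```

A result of `open-telnet` on a router where you never enabled Telnet is a reason to factory-reset the device and install the vendor's patched firmware.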
Researchers have discovered vulnerabilities in home routers that cybercriminals can use to unleash DDoS attacks. The vulnerability has already been found in home routers from about 20 vendors. Cyber attackers launch these attacks through the Mirai variant and affect all devices connected to the router. Users need to update their firmware and take other precautions to prevent attacks.