ForgotDoor: Singapore routers gave full access to IoT hackers
Cybersecurity Tech Accord

ForgotDoor: Singapore routers gave full access to IoT hackers

ForgotDoor vulnerability caused by open ports.

A vulnerability affecting hundreds of routers in Singapore could have given hackers complete access to connected devices.

According to a blog post by researchers at cybersecurity specialists NewSky Security, Singapore ISP Singtel opened up port-forwarding to fix a technical issue on their routers, but forgot to close the ports afterwards. That vulnerability allowed access to all devices connected to the affected hardware.

Research lead Ankit Anubhav – who discovered the flaw, dubbed ‘ForgotDoor’ – said that the affected routers had port 10000 wide open, meaning that they could easily be accessed and controlled by attackers. Around 975 have been found to be affected so far.

While the routers’ login feature was disabled, hackers could still use the flaw to access administration settings to re-enable login and change the router’s password.

“Once a new password is set, it might cut off future connections to the original owner of the device,” said Anubhav. He added that the routers were all connected to multiple devices, which meant that those too would have been open to compromise.

Port forwarding now disabled

Douglas Mun, deputy director in charge of SingCERT at the Cyber Security Agency of Singapore, said, “The ISP SingTel has now disabled port forwarding to port 10000 for the affected routers. Port forwarding was enabled by their customer service staff to troubleshoot Wi-Fi issues for their customers, and was not disabled when the issues were resolved.

“ISP SingTel will be taking measures to ensure that port forwarding is disabled after troubleshooting has completed,” he said.

Anubhav said that one way to prevent attacks in these scenarios would be to allow IoT devices to connect via non-standard ports. “For example, setting up SSH on an unusual port can save the device from a lot of brute-force attacks that are designed to attack the default SSH port, which is 22,” he said.

“However, this practice should never be considered as a replacement for basic IoT security. With easily available crawling scripts and services like Shodan, it is easy for attackers to find out which unusual ports are being used.”

Anubhav added that while responsibility for fixing holes in IoT security may lie with vendors and ISPs, there are still actions that end users can take to improve their overall resilience against attack.

“The various levels of IoT attacks can be combated with cautious port forwarding, strong authentication, a trustable firewall or other IoT security mechanism, and regular updates,” he said.

Internet of Business says

While this appears to have been an isolated incident and a simple mistake, it nevertheless reveals that IoT security is a fragile thing, when billions of devices are interconnected online. This is why all IoT device and service users should take steps to secure their own devices, by changing default passwords, enabling updates, and taking as much responsibility as possible for their own security.

For example, our recent report via Mozilla revealed the real dangers that lurk in IoT devices that are not properly secured, either by the factory or by the user.