Researchers at Trustwave have discovered several models of Netgear home router that are vulnerable to hackers. Anywhere between 10,000 and one million devices are thought to be affected. Netgear is currently providing firmware fixes to help users patch the problem.
Trustwave has found that various models of Netgear home routers are vulnerable to hackers. The security flaw could potentially expose users’ login passwords, which are commonly used for a number of different accounts.
According to Netgear, the vulnerability occurs “while the password recovery feature is disabled, when an attacker can access the internal network or when remote management is enabled on the router.” By default, remote management is turned off, but this setting can be changed through the router’s advanced menu.
These latest vulnerabilities have surfaced a matter of months after many models of Netgear router were discovered to have a “Command Injection” security flaw. 2016 also saw a sharp rise in IoT-powered botnet attacks, raising the prospect that vulnerable Netgear routers are at risk of infection and could be used as bots as well.
Anyone with physical access can exploit vulnerable routers
Trustwave security researcher Simon Kenin stumbled across Netgear’s latest security issue because he wanted to stay in bed and find his lost password instead of going downstairs. Detailing his account in a blog post, Kenin expands on the scale of the problem faced by Netgear and its users.
“For starters, it affects a large number of models. We have found more than ten thousand vulnerable devices that are remotely accessible. The real number of affected devices is probably in the hundreds of thousands, if not over a million.
“The vulnerability can be used by a remote attacker if remote administration is set to be Internet facing. Anyone with physical access to a network with a vulnerable router can exploit it locally. This would include public wifi spaces like cafés and libraries using vulnerable equipment.”
“With malware such as the Mirai botnet being out there, it is also possible that some of the vulnerable routers could be infected and ultimately used as bots as well. If running a bot is not possible, the DNS can be easily changed to a rogue one to further infect machines on the network.”
Netgear flaws allow attackers to gain a foothold into local networks
Art Swift, President of the Prpl Foundation, described the potential consequences of Netgear’s latest security flaw:
“Once these devices have been compromised, especially routers, IoT hubs, and network gateways – due to the fact that they are very often on a local network – they represent a gateway to the network, and can be used to perform a series of attacks on the network bypassing network protection. This can cause a Trojan horse situation for the attackers to get a foothold into the local network.
“Unfortunately the vast majority of manufacturers focus solely on time to market with security as an afterthought. Good security is at least half about good management of the product, yet the consumer technology industry prioritises the user experience over everything else.”
“Regulators must understand this and so should impose a bare minimum standard for security updates – forcing manufacturers to administer these, so devices are not left unpatched for too long. If there is this shift of responsibility from the end user to the vendor, it demands a secure infrastructure extended into the device itself.”
Netgear’s Knowledge Base article provides users with a way of testing to see if their devices are vulnerable, and offers new firmware to patch the problem.
Update: Netgear has responded to this article to assure customers that it is aware of the vulnerability and has been working with security analysts to resolve the issue. The company says that firmware fixes are currently available for the majority of the affected devices. Netgear’s full statement is here.