Hundreds of Thousands of Home Wi—Fi Routers Are Under Attack - What to Do

Hundreds of Thousands of Home Wi—Fi Routers Are Under Attack - What to Do

If you are using a pre-2015 home Wi-Fi router, Wi-Fi range extender, or Wi-Fi USB network adapter, it may be time to put it in the closet and buy a new model. Because your devices could be hacked on the Internet right now.

Hundreds of home networking devices made and sold by at least 65 companies have been found to have serious flaws, and cybercriminals are already attacking them. A list of vulnerable devices is included at the end of this page.

Most of the affected models were released between 2010 and 2015, with at least some dating back to 2004. IoT Inspector, the German information security firm that discovered the flaw, estimates that there are hundreds of thousands of vulnerable individual devices currently in use worldwide.

"By exploiting these vulnerabilities, a remote, unauthenticated attacker can completely compromise the target device and execute arbitrary code with the highest level of privilege," IoT Inspector wrote in its report.

Known criminal organizations have already attacked these devices using the flaws outlined in the IoT Inspector's report, which was posted online a week ago (August 16).

According to Israeli information security firm SAM Seamless Network, operators of a botnet using a variant of the infamous "Mirai" malware that shut down Internet access for most of the East Coast of the United States one afternoon in October 2016 launched an attack It took only two days to launch the attack.

The particular flaw being exploited by the botnet gang involves remote hijacking of routers via the management interface, but sadly, simply turning off remote access to the management interface does not solve the problem.

Landing on a malicious website on a computer using the router is enough. There are three other serious flaws.

All of these vulnerable devices use Wi-Fi chips manufactured by a Taiwanese company called Realtek. Realtek plans to release more patches in the future, but has no plans to fix its oldest chipsets.

Unfortunately, these patches must be implemented and tweaked by the manufacturers of the vulnerable devices, then pushed out to consumers as firmware for new devices.

It is unlikely that many patches are still available for download or installation, and it may be several months before all updated firmware is available. The oldest devices will probably never be patched.

If you own one of the devices listed below, here is what you should do.

If the device is only a few years old, say since 2015: there will probably be a firmware update within a few months.

Check the manufacturer's website now for updates released after August 13, 2021. See if the firmware release notes reference vulnerability ID numbers CVE-2021-35392, CVE-2021-35393, CVE-2021-35394, CVE-2021-35395, mention Realtek, or IoT- to find the flaw. Inspector to be credited.

If so, the firmware will correct these problems. Follow the instructions on the manufacturer's website to download and install the firmware. (Here is how to update router firmware for various brands.)

If the update is not available now, disconnect the device and use another router or access point until the updated firmware becomes available. point.

If the device was released between 2010 and 2015: firmware updates may or may not be available. As above, check the manufacturer's website for existing firmware updates and follow the instructions.

If nothing has been released since August 13, 2021, remove the device and keep checking the website for the next few months.

If the device was first released before 2010: there will probably be no firmware updates. Get a new device.

]

Categories