CATEGORIES
home News

Millions Of High Speed Fiber Internet Home Routers Susceptible To Hijacking And Data Snooping

by Shane McGlaunThursday, May 03, 2018, 04:15 PM EDT

For the privileged Americans that can get fiber internet to their home with blazing fast upload/download speeds, there might be more to worry about than blowing through their data allotment in a couple days. Reports are surfacing that various GPON home routers have flaws that could allow nefarious hackers to bypass all authentication on the devices.

fiber optic

The method of bypassing authentication is as simple as attaching an image suffix to the URL of a GPON HTTP server. VpnMentor says that after the initial authentication is bypassed, a command injection vulnerability (CVE-2018-10562) to run commands on the device can be executed. These two critical vulnerabilities, when combined, can allow complete control of the home network.

The company said, “While looking through the device functionalities, we noticed the diagnostic endpoint contained the ping and traceroute commands. It didn’t take much to figure out that the commands can be injected by the host parameter. Since the router saves ping results…and transmits [them] to the user…it’s quite simple to execute commands and retrieve their output with the authentication bypass vulnerability.” 

These vulnerabilities would allow an attacker to see the IP address of specific routers and in some cases match those to physical addresses. The attacker could also see what the user is doing online. Skilled attackers could also set up a man-in-the-middle phishing page to harvest user credentials.

“There’s a privacy aspect here too,” explained Ariel Hochstadt, co-founder of vpnMentor, in an interview with ThreatPost. “It’s possible to take an entire browsing history for someone from the last 30 days and send it to all of their friends, via Facebook or mail, because you have access to the browsing history and you can skim credentials.”

GPON is a fiber-based passive optical network ISP deployment, it is viewed by many as the future of broadband. “We tested this vulnerability on many random GPON routers, and the vulnerability was found on all of them,” the vpnMentor researchers said. “Because so many people use these types of routers, this vulnerability can result in an entire network compromise.”

Tags:  security, Hack, Hacker, fiber-optic
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment