Newfound Router Flaw Lets Hackers Control Home Internet Connections: F-Secure

Advertisement
By ANI | Updated: 2 September 2016 18:37 IST

F-Secure researchers have uncovered a critical vulnerability in some models of Inteno home routers that, if exploited, is severe enough to allow an attacker complete control over the victim device and the Internet traffic traveling through it. The finding highlights the security challenges plaguing consumer routers.

The vulnerability allows an attacker to install their own firmware to the device, which would still work as before, but with back doors and other unwanted features. An attacker exploiting the flaw would be able to listen in on unencrypted traffic going through the router, not just device-to-internet, but device-to-device inside the home; as well as manipulate the victim's browsing sessions by redirecting to malicious sites.

Advertisement

(Also see: The Internet of Insecure Things)

"By changing the firmware, the attacker can change any and all rules of the router," said Janne Kauhanen, cyber security expert at F-Secure.

"Watching video content you're storing on another computer? So is the attacker. Updating another device through the router? Hopefully it's not vulnerable like this, or they'll own that too. Of course, HTTPS traffic is encrypted, so the attacker won't see that as easily. But they can still redirect all your traffic to malicious sites that enable them to drop malware on your machine," he added.

The router type in question typically receives firmware updates from a server associated with the user's internet service provider (ISP). But problematically, the vulnerable routers make no effort to confirm the update is valid and comes from the right place.

Advertisement

An attacker who has already gained access to the traffic between the home router and the ISP's update server (for example, by accessing an apartment building's network distribution trunk) can set up his own update server. He could then apply a malicious firmware update.

Researchers say this case is just the tip of the iceberg when it comes to router security issues. And while the need for computer security is well understood, consumers are often unaware that a router is just as vulnerable.

Advertisement

(Also see: India Developing Secure Second-Generation Routers)

"It's ridiculous how insecure the devices we're sold are," says Kauhanen.

Advertisement

"We and other security companies are finding vulnerabilities in these devices all the time. The firmware used in routers and Internet of Things devices is neglected by manufacturers and their customers - by everyone except hackers, who use the vulnerabilities to hijack Internet traffic, steal information, and spread malware," he added.

The flaw, while severe, is not immediately exploitable. An attacker would need to have already achieved a privileged network position between the router and the point of entry of the internet. Affected devices are Inteno EG500, FG101, DG201, and possibly others.

According to Harry Sintonen, the F-Secure senior security consultant who found the vulnerability, there is no way for a consumer to prevent their router getting exploited, short of replacing it with a new router without this particular vulnerability, or by installing the firmware that fixes the issue once it is available.

However, he points out that replacing the router is problematic advice. "As vulnerabilities in consumer DSL equipment are extremely common, it could well be that the device switch only leads to an even worse security situation," he says.

(Also see: Ransomware Criminals Seek to Show They Care About You: F-Secure)

By following the usual security best practices, however, consumers can mitigate damages should their router become a victim of attack.

Keep browsers and other software updated to prevent hackers exploiting security flaws in old software.

Use reliable internet security software such as F-Secure SAFE that stays constantly updated, to prevent a hacker from dropping malware.

Use a VPN such as F-Secure Freedome to encrypt internet traffic even if the router was hacked, encryption would prevent an attacker from spying.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Vivo Y500 4G Makes Global Debut With an 8,100mAh Battery: See Price
  2. Everything We Know About the Nothing Phone 4b
  3. Samsung Galaxy Z Fold 8 Series, Galaxy Flip 8 Price Leaked Ahead of Debut
  1. Vivo Y500 4G Launched With 8,100mAh Battery, 50-Megapixel Rear Camera: Price, Specifications
  2. Moto G77 Power Listed on Company's Website With Key Specifications Before July 8 Debut
  3. Samsung Galaxy Z Fold 8, Galaxy Fold 8 Ultra, Galaxy Flip 8, Watch 9 Prices Leaked Online Ahead of Launch
  4. Xiaomi 18 Pro Max Camera, Display, Battery Details Tipped; May Get 8,500mAh Battery, 200-Megapixel Cameras
  5. iPhone 18, iPhone 18e Tipped to Get 9GB RAM Upgrade for Apple Intelligence; Pro Models May Stick With 12GB
  6. Amazon Prime Day 2026 Laptop Deals: Best Discounts on HP, Asus, Lenovo, Dell, Acer Models
  7. Best Camera Phones Under Rs. 30,000 for Content Creators in India: Motorola Edge 70 Fusion, Galaxy F56, More
  8. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  9. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  10. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.