Researchers Say Many ISPs Home Routers Can Be Compromised As A Group

Check Point researchers warned customers that the ISP servers used to manage their routers are easily accessible online. This and other gateway devices can be easily attacked and hacked by third parties.

Shahar Tal, a Check Point Software Technologies security researcher, said that access to these servers could allow intelligence or hackers to compromise not just thousands but millions of routers. Worse, they could also do the same to the home networks servers serve.

The problem is rooted from the use of customer-premises equipment wide area network management protocol (CWMP) or popularly known as TR-069. Many ISPs technical support departments have this as leverage to remotely troubleshoot router problems such as configuration problems.

Tal said the custom firmware that runs on ISPs often hides the setting page of TR-069. This makes customers unaware that their routers are accessible and can be controlled by their ISPs. These servers operate Auto Configuration Servers (ACS) to which the TR-069 devices can be connected. Third-party companies developed specialized software for ACS that runs on ISPs. The software is then used to monitor customers for malicious activity and faults, re-configure their devices, upgrade firmware, and run diagnostics.

If the ACS is compromised, the attacker could gain access to information such as hardware MAC address, VoIP credentials, administration usernames, passwords, and wireless network names. This is alarming as the 2011 statistics revealed that there are 147 million devices online that are connected with TR-069. More alarming is 70% of these devices are under residential gateways.

Tal further found out that the encryption and authentication required by the protocol does not prevent attackers from controlling routers. He and his colleagues found out that ISPs with ACS have remote code execution vulnerabilities, which the attackers could use to manage servers. One example they tested is GenieACS.

As of now, there is no concrete solution for this. One way to address the issue is to restrict access to ISPs auto-configuration servers. This can be done by running them on a separate network segment.

Researchers Say Many ISPs Home Routers Can Be Compromised As A Group

Latest News

'Single's Inferno' Season 4 Drops January 2025 With New Cast: 'This Will Be The Hottest Season Yet'

Actress Lee Ji Eun Found Dead Inside Her Home

Park Shin Hye’s Agency Salt Entertainment Releases Official Statement Regarding Malicious Commenters

KCCDC Opens Latest Virtual Exhibition with ‘K-Art at Home: Robin Ha’

Ji Soo Admits to School Bullying Rumors Through Handwritten Letter

Most Popular

Kim Yi Hyuk: North Korean Defector Who Fled with Family on Wooden Boat Dies Shortly After Freedom

Oh Yo Anna's Last Post Reveals Facial Injuries Before Untimely Passing— Cause of Death Unspecified

American YouTuber Who Admits to Have Reported IU to the CIA Calls for More to Join the Cause

Chae Soo Bin's Dating History: 5 Rumored Boyfriends of the 'When the Phone Rings' Star

Lee Yi Kyung Reveals Rich Dad Once Offered Him Money to Deter Gay Film Role: 'It Felt Insulting'