Researchers Say Many ISPs Home Routers Can Be Compromised As A Group

Check Point researchers warned customers that the ISP servers used to manage their routers are easily accessible online. This and other gateway devices can be easily attacked and hacked by third parties.

Shahar Tal, a Check Point Software Technologies security researcher, said that access to these servers could allow intelligence or hackers to compromise not just thousands but millions of routers. Worse, they could also do the same to the home networks servers serve.

The problem is rooted from the use of customer-premises equipment wide area network management protocol (CWMP) or popularly known as TR-069. Many ISPs technical support departments have this as leverage to remotely troubleshoot router problems such as configuration problems.

Tal said the custom firmware that runs on ISPs often hides the setting page of TR-069. This makes customers unaware that their routers are accessible and can be controlled by their ISPs. These servers operate Auto Configuration Servers (ACS) to which the TR-069 devices can be connected. Third-party companies developed specialized software for ACS that runs on ISPs. The software is then used to monitor customers for malicious activity and faults, re-configure their devices, upgrade firmware, and run diagnostics.

If the ACS is compromised, the attacker could gain access to information such as hardware MAC address, VoIP credentials, administration usernames, passwords, and wireless network names. This is alarming as the 2011 statistics revealed that there are 147 million devices online that are connected with TR-069. More alarming is 70% of these devices are under residential gateways.

Tal further found out that the encryption and authentication required by the protocol does not prevent attackers from controlling routers. He and his colleagues found out that ISPs with ACS have remote code execution vulnerabilities, which the attackers could use to manage servers. One example they tested is GenieACS.

As of now, there is no concrete solution for this. One way to address the issue is to restrict access to ISPs auto-configuration servers. This can be done by running them on a separate network segment.

Researchers Say Many ISPs Home Routers Can Be Compromised As A Group

Latest News

'Single's Inferno' Season 4 Drops January 2025 With New Cast: 'This Will Be The Hottest Season Yet'

Actress Lee Ji Eun Found Dead Inside Her Home

Park Shin Hye’s Agency Salt Entertainment Releases Official Statement Regarding Malicious Commenters

KCCDC Opens Latest Virtual Exhibition with ‘K-Art at Home: Robin Ha’

Ji Soo Admits to School Bullying Rumors Through Handwritten Letter

Most Popular

Kim Soo Hyun's Bubble Messages One Week After Kim Sae Ron's Tragic Death Spark Outrage

Kim Soo Hyun's Agency Faces Backlash Over Desperate Outreach to Kim Sae Ron's Family

What is Garo Sero Research Institute? Kim Soo Hyun's Accuser Branded 'Cyber Wreckers' Over Dubious Profit-Generating Methods

Kim Sae Ron's Family Shares Late Star's AI-Generated Message: 'I Hope I Don't Make You Cry Too Much'

Kim Soo Hyun's Past Relationships: Korean Actresses Rumored to Have Dated the Now Controversial Actor