There are plenty of reasons to use a router for internet connectivity, rather than relying on the hardware offered by an internet service provider. Unfortunately, not all of the routers in circulation are all that secure. A recent investigation unveiled how thousands of ZHONE routers operated by top enterprises around the world are vulnerable to a remote zero-day exploit.
This exploit was discovered by Vantage Point Security senior security consultant Lyon Yang. Not only are major companies around the world affected by this ZHONE router vulnerability, but customers of a major Singaporean telco as well. At the time of publication, the name of the Singaporean internet provider was not made public, but we do know customers of the ISP are forced to use the ZHONE router.
What may be the most worrying fact about those ZHONE routers is how they are affected the security vulnerabilities as soon as they leave the manufacturer. By the look of things, the software installed by the manufacturers is not safe from harm by any means, as Lyon Yang confirmed it is “quite easy to pull off the remote hijack exploit”.
However, this zero-day exploit was not the only part that worried security experts, as a total of seven vulnerabilities had been identified – and patched – just last week. All of these patches have been developed by the affected internet service provider, which makes the end user responsible for upgrading their router firmware on their own accord. Most everyday consumers are not tech-savvy enough to pull off this upgrade, rendering these patches all but useless.
Furthermore, the remote hijacking vulnerability – which occurs through the ZHONE routers’ ping functionality – has only been partially patched, and can still be exploited by hackers right now. Additionally, the Singaporean ISP in question does not give users the necessary credentials for accessing administrative areas of their routers.
In fact, these credentials are stored in cleartext within a backup configuration the user can access. As you may have guessed by now, attackers can overwrite this backup file and inject their own arbitrary passwords. While there is a solution available to individual users – activating the device’s bridge mode and use a different router – this is not a long-term solution to fixing this issue.
Such a zero-day exploit in ZHONE routers could have major ramifications all over the world. Being able to hijack a router, will allow hackers to do all kind of malicious things, including closely monitoring all internet traffic. Doing so could put Bitcoin users, as well as any other type of financial information broadcasted through a connection over a ZHONE router, at risk of being intercepted.
What is even more worrying is how the manufacturer itself does not seem to bother fixing this vulnerability anytime soon. The Bitcoin ecosystem houses some of the most brilliant developers in the world, and it could prove to be beneficial if a team of devs reached out to ZHONE and proposed a fix to this exploit.
What are your thoughts on this ZHONE zero-day exploit? Do you know of any company using this type of router? Let us know in the comments below!
Source: The Register UK
Images courtesy of Shutterstock, ZHONE, Vantage Point Security
1 Hova Villas Brighton & Hove
BN3 3DH United Kingdom
All rights reserved by Bitcoinist Ltd. | 2016.