These days, consumers get hold of blazing fast internet connection at their homes, thanks to high-performance routers and better media utilization. However, it is these high-performance routers that often make the entire home networks extremely vulnerable.
VpnMentor did a detailed assessment on such GPON or Gigabit Passive Optical Networks and they have uncovered a way that can be used to bypass all authentication mechanisms on these devices.
The vulnerability is called CVE-2018-10561, where CVE stands for Common Vulnerability and Exposures. This is a standard technique used by tech companies to name discovered vulnerabilities.
The flaw has been discovered in HTTP servers on GPON networks that check specific paths when authenticating the router.
The attacker can bypass the authentication simply by adding an image suffix to the URL. Even worse, this vulnerability can be used to remotely execute commands on the device and take complete control of the device.
The firm said that during the analysis of GPON firmware, they discovered two vulnerabilities that can be used to take over the user’s home computers or any other device connected to the network.
While looking through the device functionalities, the firm found that it is also quite easy to execute commands on the remote computer by bypassing the authentication.
The attacker can not only use these vulnerabilities of seeing the IP address of the system, and even find the matching physical address, but they can also see what the user is doing on the internet.
It is possible to form a MiTM or Man-in-the-Middle attack, harvest information from web pages and even steal user credentials.
From this vulnerability on the routers, even attackers can breach the privacy of individuals. This includes browser history up to thirty days, Facebook or Twitter pages visited, emails opened and even more.
The firm tested the vulnerability on all the GPON routers used in the market and found the security hole in all of them.
GPON is an optical fiber-based network. It gives up to 1Gbps internet speeds at homes. It is quite frequently used in small offices or homes with multiple devices.
GPON routers are deployed by ISPs that provide FTTH or Fiber to the Home connectivity. A lot of ISPs globally provide this connectivity.
A great feature of GPON is the ability to consolidate multiple services into a single fiber.
If you have a GPON router at your home or office that is provided by your ISP, contact them immediately to check for a firmware update.
The router manufacturer will provide with a firmware update to patch this vulnerability.
If you use an aftermarket GPON router that you purchased separately, the check with the manufacturer about the firmware update.
Until the firmware is updated, use any security suite such as an antivirus to thwart such attacks. An antivirus solution will not stop the attacks but can minimize the harmful effects. If you are sending sensitive information over the connection, make sure you use a VPN proxy.
Our habits always have a pattern. Be it related to sleeping hours, working, listening to…
On the social site Instagram, users can update their status as stories, which they can…
Because of various upgrades in technology, things have moved pretty fast and the competition level…
Ever since the term ‘Artificial Intelligence’ was coined, people desperately wanted to know what it…
In recent days, there has been a lot of discussion regarding the iPhone 16 Pro…
With a boatload of new additions, like Apple Intelligence and a dedicated Camera 'Button', the…