Many routers, especially those of AT&T® U-Verse customers, can reportedly be hacked remotely by exploiting several security vulnerabilities. Five security flaws were found in common consumer Arris routers used by customers of AT&T® and some other internet providers across the globe.
Joseph Hutchins, an information security consultant, explained the router flaws in a blog post. He said that some of them were the result of “pure carelessness.”
According to the report, the Arris NVG589 and NVG599 modems running the latest 9.2.2 firmware are vulnerable, but it is not yet clear who is responsible for the bugs. In Hutchins's opinion, some of the flaws might have been introduced after the modems were delivered to the internet providers, which usually add customized code to facilitate remote interactions such as diagnostics and customer support.
“Some of the problems discussed here affect most AT&T U-verse modems regardless of the OEM, while others seem to be OEM specific,” said Hutchins. “So it is not easy to tell who is responsible for this situation. It could be either, or more likely, it could be both.”
Among the vulnerabilities are hardcoded credentials that can allow remote “root” access to the affected devices, giving an attacker full control over them. Attackers can connect to affected routers and log in using a publicly disclosed username and password, which grants access to the modem's menu-driven shell. From there, the attacker can change the Wi-Fi name and password of the router. The vulnerability also allows the attacker to change the network setup, for example by rerouting internet traffic to a malicious server.
According to the report, the shell also allows an attacker to inject advertisements into unencrypted internet traffic using a dedicated module. Ad injection is a very common tactic used by many web companies and internet service providers. Hutchins said that there is no “clear evidence” that the particular module is running, but noted that it was still vulnerable, letting hackers inject their own malware or money-making ads.
Router flaws do not always result in unauthorized network access, but they can lead to devices being hijacked as part of botnet operations. One example of such a botnet is Mirai, which can knock services and websites offline.